This module introduces the learner to core concepts and skills needed to monitor, detect, analyse and respond to internal and external security threats facing organisations. The module involves a practical application of the skills needed to maintain and ensure security operational readiness of secure networked systems.
This module will ensure learners meet the following objectives:
- Understand the key concepts of information security, incident response and risk management.
- Investigate the requirements to ensure confidentiality, integrity and availability of IS and related components.
- Awareness of key threats to IS and related components.
- Apply standards and compliance recommendations in defending against and responding to security incidents and threats.
Principles of Systems and Network Security
- Classify the various types of network attacks.
- Attackers and their tools, how networks are attacked.
- Common Threats and Attacks
Network Attacks: A Deeper Look
- Use network monitoring tools to identify attacks against network protocols and services.
- Observing Network Operation, traffic monitoring.
- Attacking the Foundation, how TCP/IP vulnerabilities enable network attacks.
- Attacking What We Do, how common network applications and services are vulnerable to attack.
Protecting IT infrastructures
- Methods to prevent malicious access to computer networks, hosts, and data.
- Understanding Defence, approaches to network security.
- Access Control as a method of protecting a network.
- Network Firewalls and Intrusion Prevention, how firewalls and other devices prevent network intrusions.
- How content filtering prevents unwanted data from entering the network.
- Threat Intelligence, how to locate current security threats.
Cryptography and the Public Key Infrastructure
- Explain the impacts of cryptography on network security monitoring.
- Cryptography tools to encrypt and decrypt data.
- Public Key Cryptography, how the public key infrastructure (PKI) supports network security.
Endpoint Security and Analysis
- How to investigate endpoint vulnerabilities and attacks.
- Endpoint Protection, how to generate a malware analysis report.
- Endpoint Vulnerability Assessment
- Technologies and Protocols, explain how security technologies affect security monitoring.
- Log Files, explain the types of log files used in security monitoring.
Intrusion Data Analysis
- Analyse network intrusion data to identify compromised hosts and vulnerabilities.
- How security-related data is collected.
- Data preparation for intrusion data analysis.
- Analyse intrusion data to determine the source of an attack.
Incident Response and Handling
- Explain how network security incidents are handled.
- Apply incident response models to an intrusion event.
- Apply standards specified in NIST 800-61r2 to a computer security incident.
- Case Study - Given a set of logs, isolate a threat actor and recommend an incident response plan.