Submitted by Hugh_Hughes on Sun, 08/18/2019 - 20:47
Module Title: Cybersecurity Defence & Operations

This module introduces the learner to core concepts and skills needed to monitor, detect, analyse and respond to internal and external security threats facing organisations. The module involves a practical application of the skills needed to maintain and ensure security operational readiness of secure networked systems.


This module will ensure learners meet the following objectives:

  • Understand the key concepts of information security, incident response and risk management.
  • Investigate the requirements for ensuring the confidentiality, integrity and availability of information systems (IS) and related components.
  • Be aware of the key threats to IS and related components.
  • Apply standards and compliance recommendations in defending against and responding to security incidents and threats.

Principles of Systems and Network Security

  • Classify the various types of network attacks.
  • Attackers and their tools: how networks are attacked.
  • Common threats and attacks.

Network Attacks: A Deeper Look

  • Use network monitoring tools to identify attacks against network protocols and services.
  • Observing network operation: traffic monitoring.
  • Attacking the foundation: how TCP/IP vulnerabilities enable network attacks.
  • Attacking what we do: how common network applications and services are vulnerable to attack.

Protecting IT infrastructures

  • Methods to prevent malicious access to computer networks, hosts, and data.
  • Understanding defence: approaches to network security.
  • Access control as a method of protecting a network.
  • Network firewalls and intrusion prevention: how firewalls and other devices prevent network intrusions.
  • How content filtering prevents unwanted data from entering the network.
  • Threat intelligence: how to locate current security threats.

Cryptography and the Public Key Infrastructure

  • Explain the impacts of cryptography on network security monitoring.
  • Cryptography tools used to encrypt and decrypt data.
  • Public key cryptography: how the public key infrastructure (PKI) supports network security.

Endpoint Security and Analysis

  • How to investigate endpoint vulnerabilities and attacks.
  • Endpoint protection: how to generate a malware analysis report.
  • Endpoint vulnerability assessment.

Security Monitoring

  • Technologies and protocols: explain how security technologies affect security monitoring.
  • Log files: explain the types of log files used in security monitoring.

Intrusion Data Analysis

  • Analyse network intrusion data to identify compromised hosts and vulnerabilities.
  • How security-related data is collected.
  • Data preparation for intrusion data analysis.
  • Analyse intrusion data to determine the source of an attack.

Incident Response and Handling

  • Explain how network security incidents are handled.
  • Apply incident response models to an intrusion event.
  • Apply the standards specified in NIST SP 800-61r2 to a computer security incident.
  • Case study: given a set of logs, isolate a threat actor and recommend an incident response plan.

Module Assessment: Continuous Assessment