GA_KCYOC_N09 Programme Documentation - Certificate in Cybersecurity Operations - GMIT
________________________________________________________________________________________________________________
GA_KCYOC_N09
Certificate in Cybersecurity Operations
______________________________________________________________________________________________________________
Programme Documentation
Contents of this document are copyright of Galway Mayo Institute of Technology
Time & Date Retrieved: 13:07:31 08-Apr-2021
Table of Contents
Programme Overview
Programme Learning Outcomes
Approved Programme Schedule - GA_KCYOC_N09 Certificate in Cybersecurity Operations
Programme Delivery Schedule
Programme Assessment Matrix
Approved Modules
Stage 5 Modules
COMP09025 Incident Detection and Response
COMP09028 Programming for Cybersecurity
TECH09010 Security Operations
Programme Overview
Full Title: Certificate in Cybersecurity Operations
Status: Uploaded to Banner
Programme Code: GA_KCYOC_N09
Level: 09
Required Credits: 30
Delivered By: Stage
Minimum Duration: 1
Start Term: 2020
ISCED Code: 0610 - Info and Comm Technologies
Award Class: Minor Award
Award Type: Certificate
Award Standard: Computing
Department: Business, Humanities and Tech
Delivery Mode(s): Online Learning
Programme Authors
Mark Frain, Seamus Dowling, Brian Mulhern, Andrew Beatty
Aim
The aim of the Certificate is to educate IT practitioners in responding to cyber-attack incidents. It examines the tools to identify threat actors
and the models & frameworks that are followed to manage the response to these threats. It can be considered the stage when security
controls have failed. In such an event, cybersecurity operations attempt to respond to the incident and defend the compromised vulnerability.
As well as the theoretical component of malicious compromises and vulnerable attack vectors, successful applicants will work on practical
solutions to ensure secure IT infrastructure. Data analytics are a key component of providing secure operations and successful applicants will
also use relevant programming platforms to visualise threat data, aiding incident response. Cybersecurity operations involves implementing
secure architecture to defend against attacks.
A key objective of this minor award is to provide a pathway for IT professionals to upskill in the area of cybersecurity operations. Developed in
partnership with HPE and other industries, it provides the pathway for learners to pursue a L9 Masters in Cybersecurity Operations. A learner
can pursue a major L9 award by subsequently completing a 60 credit L9 thesis, developing an incident response proposal for industry.
Entry Requirements and Access Routes
Candidates must hold a level 8 Bachelor (Honours) degree with a minimum grade classification of H2.1 in a L8 major award or equivalent in
IT/Computing or cognate area.
Selection
Applications are ranked in order of merit.
English Language Requirements
English Language Requirements will be as determined by GMIT and as published in the Access, Transfer and Progression code. The current
requirements are as follows:
Non-native English speakers who are applicants for Level 9 taught programmes are required to have a minimum score of 6.0 in the IELTS or
equivalent. All results must have been achieved within 2 years of application to GMIT.
Further details on English language requirements are available at https://www.gmit.ie/international/english-language-requirements-0
Recognition of Prior Learning
GMIT is committed to the principles of transparency, equity and fairness in recognition of prior learning (RPL) and to the principle of valuing all
learning regardless of the mode or place of its acquisition. Recognition of Prior Learning may be used to:
1. Gain admission to the programme.
2. Gain credits and exemptions from programme modules after admission.
3. In award years, RPL will be considered, to a 50% maximum.
Academic Code of Practice No. 6 outlines the policies and procedures for the Recognition of Prior Learning. Guidance for applicants is
provided on myexperience.ie
Transfer Routes
Applications are welcome from candidates who have partially completed cognate programmes. Candidates, both internal and external, already registered on programmes who wish to transfer to this programme apply directly to the Institution, providing documentation relating to results and programme content. These are assessed, and if appropriate students are admitted at a level appropriate to their prior learning.
Progression Pathways
On successful completion learners may progress onto the level 9 Masters in Cybersecurity Operations in GMIT or similar course offerings.
Teaching & Learning Strategy
At the start of all modules lecturers will schedule a webinar detailing how to communicate with the lecturer and other students (email and forums). It will be highlighted that some assessment activities will require collaboration on the virtual learning environment (VLE) or other channels. Lecturers will interact with students on the VLE forum.
Lecturers will lead by example by posting comments on their comments and facilitate discussion by posting links to relevant and interesting material. Timely feedback will be given on assessment submissions. Lecturers will encourage discussion around their solutions versus others. Live (and recorded) webinars will be posted as links and will be continuously referred to during the module. The following information will be posted on Moodle: tasks, expected deliverables, deadlines, assessment materials and other sources to complete assessment.
Online and blended delivery requires more facilitation for social interaction. This will involve an initial get-to-know-you webinar. Forum discussions will ensure that all students share a little about themselves. Students in the same geographic area will be encouraged to collaborate. This overlaps with both the cognitive and teaching presences. Periodic webinars will be scheduled with specific ‘agenda’ points to be discussed. Students will need to prepare for these webinars by completing e-tivities in advance, and discuss their findings during the webinar. Students will be encouraged to use their own social networking groups whereby they can get instant notifications of comments and can contribute to discussions.
Cognitive presence will be ‘assessed’ and monitored for socially distanced face-to-face and online/blended delivery. This should be an iterative process whereby students will demonstrate their growing knowledge of Network Cybersecurity concepts. Constant feedback and participation by the lecturer (on social platforms, classroom and VLE) and feedback on their performance of past assessment items will be provided.
Teaching presence is relevant for online delivery. This should engage and challenge the student. They should want to pursue the next task and apply what they have learned. Lab practical tasks will assess elements of all modules. Intermittent quizzes and reflective activities will also be posted although these will not contribute to assessment marks.
Assessment Strategy
The awards will be assessed in accordance with GMIT Marks and Standards (Academic Code of Practice No 3.) as approved by Academic Council. Assessment will be appropriate to the Learning Outcomes. The objective of the Assessment Strategy is to ensure the effective transfer of learning to the workplace. Assessment will be both formative and summative in nature. Information concerning the nature of continuous assessment in each module will be discussed and agreed with learners and external examiners at the start of the academic year.
To ensure an even assessment load for learners a schedule will be established by the Programme Board at the commencement of the year and will be discussed and agreed with learners. An individual learning plan will be developed for course modules and presented to each learner. This will also allow learners to track progress through course assessments but also recognise what is expected by engaging with this module. A Programme Assessment Matrix is included with this document.
Decisions on nature of assessment will be linked to the requirement to achieve particular learning outcomes. They may be in the form of a written assessment, project or other relevant assessment. Individuals should be interviewed or asked to present their work in a formal context to validate authenticity and ownership of work. Repeat facilities will be accommodated in line with GMIT Code of Practice No. 3 and in compliance with programme board decisions.
Student Feedback Strategy
Learner feedback will be provided in a variety of different forms: written, electronic or verbal to ensure the learner has access to feedback whether they are part-time, distance or work-based. Feedback will be provided throughout the programme/module and will align with any assessment criteria as outlined prior to the assessment. Feedback will be provided in a timely manner based on receipt of submissions for assignments.
Additional Information
Due to the evolving Covid-19 situation, the Programme TLA strategy will be dynamically guided by policies from the Department of Health and GMIT.
GA_KCYOC_N09 2020 - Uploaded to Banner Academic Module Manager 3.0
Programme Learning Outcomes
On successful completion of this programme the learner will/should be able to:

Strand: Knowledge - Breadth
Modules Mapped to Outcomes: COMP09025 Incident Detection and Response; COMP09028 Programming for Cybersecurity; TECH09010 Security Operations
1. The learner will have expert knowledge of one or more current incident detection and response methodologies that use state-of-the-art data collection and analytical tools.
2. The learner will have expert knowledge of programming in a cybersecurity context.

Strand: Knowledge - Kind
Modules Mapped to Outcomes: COMP09025 Incident Detection and Response; TECH09010 Security Operations
3. The learner will have critical awareness of current tactics, techniques and procedures (TTPs) associated with Criminal Cyber Groups, Nation States, and Advanced Persistent Threat (APT) groups and demonstrate a critical understanding of intelligence in cybersecurity operations to detect and respond to ongoing incidents.

Strand: Know How & Skill - Range
Modules Mapped to Outcomes: COMP09025 Incident Detection and Response; COMP09028 Programming for Cybersecurity; TECH09010 Security Operations
4. The learner will be able to communicate to a range of audiences in both written and verbal media about new and emerging theories and technologies in an articulate and convincing fashion, relating to incident detection and response methodologies, programming languages and secure architecture.

Strand: Know How & Skill - Selectivity
Modules Mapped to Outcomes: COMP09025 Incident Detection and Response; COMP09028 Programming for Cybersecurity; TECH09010 Security Operations
5. The learner will be able to integrate knowledge of various technologies and computing principles to successfully plan and develop an incident detection and response policy.
6. The learner will develop new cybersecurity operational skills to a high level, involving novel and emerging techniques in programming and IT architectural security.

Strand: Competence - Context
Modules Mapped to Outcomes: COMP09025 Incident Detection and Response; TECH09010 Security Operations; COMP09028 Programming for Cybersecurity
7. The learner will be able to analyse and document measures to detect and respond to Cyber Threats.
8. The learner will be able to design and implement applications and secure configurations that require significant preliminary research.

Strand: Competence - Role
Modules Mapped to Outcomes: COMP09025 Incident Detection and Response; COMP09028 Programming for Cybersecurity; TECH09010 Security Operations
9. The learner will be able to initiate, lead and manage projects of significant complexity involving multidisciplinary cybersecurity operational teams.

Strand: Competence - Learning to Learn
Modules Mapped to Outcomes: COMP09025 Incident Detection and Response; COMP09028 Programming for Cybersecurity; TECH09010 Security Operations
10. The learner will be able to demonstrate an understanding of the importance of continuing personal development in incident detection and response, associated programming languages and secure IT architecture.

Strand: Competence - Insight
Modules Mapped to Outcomes: COMP09025 Incident Detection and Response; COMP09028 Programming for Cybersecurity; TECH09010 Security Operations
11. The learner will be able to demonstrate a critical appreciation of the design issues associated with cybersecurity operations within an organisation and the wider social context.
Approved Programme Schedule - GA_KCYOC_N09 Certificate in Cybersecurity Operations
Stage 5
Delivery | Code | Module Title | Level | Credit | M/E | OL | CA | PJ | PC | FE | Total
YEAR | COMP09025 | Incident Detection and Response | 09 | 10 | M | 4.00 | 40 | 35 | 25 | 0 | 100
YEAR | COMP09028 | Programming for Cybersecurity | 09 | 10 | M | 4.00 | 0 | 60 | 40 | 0 | 100
YEAR | TECH09010 | Security Operations | 09 | 10 | M | 4.00 | 60 | 40 | 0 | 0 | 100
Credit Total: 30
Semesters Per Stage: 2
Elective Rules Per Stage: 0
Credits Required Per Stage: 30
Percentage Allocation towards Award: 100
Key
M/E - Mandatory/Elective, OL - Online Learning, CA - Continuous Assessment, PJ - Project, PC - Practical, FE - Final Exam
Programme Delivery Schedule
Stage 5 - Delivery Mode Online Learning
Delivery | Code | Module Title | Level | Credit | M/E | Lecture | Practical | Online Learning | Total
YEAR | COMP09025 | Incident Detection and Response | 09 | 10 | M | - | - | 4 | 4.00
YEAR | COMP09028 | Programming for Cybersecurity | 09 | 10 | M | 2 | 2 | - | 4.00
YEAR | TECH09010 | Security Operations | 09 | 10 | M | - | - | 4 | 4.00
Total: Lecture 2.00, Practical 2.00, Online Learning 8.00
Stage Average Weekly Contact Hours: 11
Semester 1 Average Weekly Contact Hours: 11
Semester 2 Average Weekly Contact Hours: 11
Programme Assessment Matrix
Stage 5 Year Long
Module Code | Module Title | M/E | Type | Description | Outcomes Assessed | % of Total | Indicative Week
COMP09025 | Incident Detection And Response | M | CA | Critically evaluate models and frameworks | 1,3 | 20 | Week 6
TECH09010 | Security Operations | M | CA | Assignment 1 - Vulnerability Assessment - Penetration Testing | 1,2,3 | 30 | Week 7
COMP09025 | Incident Detection And Response | M | CA | Implement a data collection platform and collate information | 2,3 | 20 | Week 12
TECH09010 | Security Operations | M | CA | Assignment 2 - System Hardening - Security Policies | 1,2,3,4,5 | 30 | Week 14
COMP09025 | Incident Detection And Response | M | PC | Install and evaluate a suite of forensics, triage and analytics tools | 2,3,4,5 | 25 | Week 18
TECH09010 | Security Operations | M | PJ | Project | 1,2,3,4,5 | 40 | Week 20
COMP09025 | Incident Detection And Response | M | PJ | Group project (3/4 pax) creating an IRD policy document | 1,2,3,4,5,6 | 35 | End of Term
COMP09028 | Programming For Cybersecurity | M | PJ | Project | 1,2,3,4,5,6 | 60 | End of Term
COMP09028 | Programming For Cybersecurity | M | PC | Continuous Assessment | 1,5,6 | 40 | OnGoing
Approved Modules
Stage Approved Modules New Modules
5 COMP09025 Incident Detection and Response
COMP09028 Programming for Cybersecurity
TECH09010 Security Operations
______________________________________________________________________________________________________________________________________________
Stage 5 Modules
______________________________________________________________________________________________________________________________________________
COMP09025
Incident Detection and Response
Mandatory Delivered in Stage 5 Year Long
Full Title: Incident Detection and Response
Status: Uploaded to Banner
Start Term: 2020
NFQ Level: 09
ECTS Credits: 10
Module Code: COMP09025
Duration: Stage - (26 Weeks)
Grading Mode: Numeric
Department: Business, Humanities and Tech
Module Author: Seamus Dowling
Co Authors: Brian Mulhern
Module Description
When cyber security controls are circumvented, an organization must respond to cyber incidents. Security operations personnel need to have
the skills to systematically neutralize a threat. These steps include formal incident response preparation and planning, threat identification,
containment and eradication measures, and implementation of robust controls to mitigate against future compromises.
This module explores the necessary processes and tools used to respond effectively to a detected threat. A structured process of Incident
Detection and Response will assist cyber security professionals in proactively searching for cyber security threats. Once detected, this process
will ensure that the threat is analysed and neutralised. Information learned from this structured process ensures that cyber security
professionals recognise the methods used by current and evolving threats. This module details the preparatory processes that are required in
advance, such as incident detection and response policy documentation, teams and communication channels. These processes ensure that
detection and reporting structures exist, enabling an organisation to triage a threat and assess its criticality. Containment and threat analysis
can be reported back through the process ensuring that post-incident information will aid further detection and strengthen an organisation’s
cyber defences.
Learning Outcomes
On completion of this module the learner will/should be able to:
1. Integrate advanced theoretical knowledge in the development of Incident Detection and Response policies.
2. Independently evaluate and critically analyse data collection tools and platforms.
3. Apply current accepted methodologies and frameworks for incident response and detection.
4. Integrate knowledge of malware forensics to identify and manage cyber threats.
5. Apply accepted methodologies for tackling design issues associated with threat remediation.
6. Critically evaluate Incident Detection and Response policies in industry specific environments.
Indicative Syllabus
Incident Detection and Response Methodologies
    Methodologies & frameworks
    Preparation, Identification, Containment, Eradication, Recovery, and Lessons learned
    MITRE ATT&CK, CKC
    Intelligence and process driven response
Policies and Documentation
    Incident response best practice
    Incident response policies
    Communication channels
    Global repositories and reports
Logging and Data Collection
    Malware collection
    Shadow IT monitoring
    OS tools (PowerShell, WMI)
    Network device activity collection
    SIEM integration
    Proactive engagement (honeypots, IDS)
Forensics, Triage and Analysis
    Intrusion Analysis
    Tracking APTs and actors
    Sandboxing and code extraction
    Tools (Splunk, SolarWinds, Kali, EnCase, Wireshark, Forensic Toolkits)
    Endpoint Protection and Response (EDR)
    Damage assessment
    Timeline and Memory analysis
Remediation and Recovery
    Patches, fixes and blocking
    Server & router access lists
    White/Blacklisting
    Network Intelligence
    Self-Defending Networks
SIEM Functionality
    SIEM systems & platforms
    Threat management and intelligence
    Threat hunting
    Risk assessment
    Data analytics and coding
Intrusion Detection Case Studies - Industry specific
    Financial Services Organisations
    Public Service Organisations
    Healthcare
    Manufacturing/process control
Teaching and Learning Strategy
Online delivery.
At the start of all modules lecturers will schedule a webinar detailing how to communicate with the lecturer and other students (email and forums).
It will be highlighted that some assessment activities will require collaboration on the virtual learning environment (VLE) or other channels.
Lecturers will interact with students on the VLE forum.
Lecturers will lead by example by posting comments on their comments and facilitate discussion by posting links to relevant and interesting
material. Timely feedback will be given on assessment submissions. Lecturers will encourage discussion around their solutions versus others.
Live (and recorded) webinars will be posted as links and will be continuously referred to during the module. The following information will be
posted on Moodle: tasks, expected deliverables, deadlines, assessment materials and other sources to complete assessment.
Social presence is encouraged for online delivery and requires facilitation by lecturers. This will involve an initial get-to-know-you webinar.
Forum discussions will ensure that all students share a little about themselves. Students in the same geographic area will be encouraged to
collaborate. This overlaps with both the cognitive and teaching presences. Periodic webinars will be scheduled with specific ‘agenda’
points to be discussed. Students will need to prepare for these webinars by completing e-tivities in advance, and discuss their findings during
the webinar. Students will be encouraged to use their own social networking groups whereby they can get instant notifications of comments
and can contribute to discussions.
Cognitive presence will be assessed and monitored for online delivery. This should be an iterative process whereby students will demonstrate
their growing knowledge of Incident Detection and Response concepts. Constant feedback and participation by the lecturer (on social
platforms, forums and VLE) and feedback on their performance of past assessment items will be provided.
Teaching presence is relevant for online delivery and should engage and challenge the student. They should want to pursue the next task and
apply what they have learned. Online lab practical tasks will assess elements of all modules. Intermittent quizzes and reflective activities will
also be posted although these will not contribute to assessment marks.
Independent Learning: Allied to the Approved Programme Schedule hours students will be required to pursue Independent Learning as part
of the module.
Assessment Strategy
Information concerning the nature and timing of continuous assessment will be reviewed and agreed with learners and external examiners at
the beginning of the academic year.
Marking criteria, deadlines and expectations will also be provided to the learner in advance.
Constructive feedback will be provided in a timely manner and in an appropriate format. A series of Lab Practical tests are intended
primarily to assess the learner's ability to understand Incident Detection and Response (IRD), assess IRD tools and implement IRD policies and
remedial solutions.
Four assessments will be spread throughout the year: two in semester 1 and two in semester 2.
Assessments one and three (submitted online) will be formative to assess the learner's knowledge of IRD material.
Assessments two and four (submitted online) will be summative as the learners apply their knowledge of IRD from each semester.
Repeat Assessment Strategies
All assessment will be carried out in line with the programme, campus and institute assessment strategies and in line with the Code of Practice
No. 3 Student Assessments: Marks and Standards.
Students can resubmit assessments on Moodle, where eligible. Decisions on nature of assessment will be linked to the need to achieve
particular learning outcomes. Individuals may be interviewed or asked to present their work in a formal context to validate authenticity and
ownership of work.
Indicative Coursework and Continuous Assessment: 100 %
Form | Title | Percent | Week (Indicative) | Learning Outcomes
Essay | Critically evaluate models and frameworks | 20 % | Week 6 | 1,3
Practical Evaluation | Implement a data collection platform and collate information | 20 % | Week 12 | 2,3
Performance Evaluation | Install and evaluate a suite of forensics, triage and analytics tools | 25 % | Week 18 | 2,3,4,5
Project | Group project (3/4 pax) creating an IRD policy document | 35 % | End of Term | 1,2,3,4,5,6
Online Learning Delivery Mode Average Weekly Workload: 4.00 Hours
Type | Description | Location | Hours | Frequency | Weekly Avg
Online Learning | Online delivery of content via live and recorded lectures, webinars, activities, video and audio assignments | Online | 2 | Weekly | 2.00
Online Learning | Tutorial covering online delivery of content via live and recorded lectures, webinars, activities, video and audio assignments | Online | 2 | Weekly | 2.00
Required Reading Book List
Murdoch, D., (2014). Blue Team Handbook. CreateSpace.
ISBN 1500734756 ISBN-13 9781500734756
Collins, M., (2017). Network Security Through Data Analysis.
ISBN 1491962844 ISBN-13 9781491962848
Maxwell, R., (2016). Intelligence-driven Incident Response. O'Reilly Media.
ISBN 1491934948 ISBN-13 9781491934944
Journal Resources
GMIT Library resources include access to many online journals such as:
https://academic.oup.com/cybersecurity
https://www.journals.elsevier.com/ (variety of special issue journals relevant to IDR)
Wiley Online Library of Journals https://onlinelibrary.wiley.com/
Springer Cybersecurity Online https://cybersecurity.springeropen.com/
Springer LNCS (Lecture Notes in Computer Science) https://www.springer.com/gp/computer-science/lncs
Online Resources
https://purplesec.us/siem-solutions/
https://www.ultimatewindowssecurity.com/webinars/default.aspx
https://www.misp-project.org/features.html
https://www.nist.gov/cyberframework
Other Resources
Associate Webinars from:
SANS
Immersive Labs
Cisco Netacad PILOT programme
Ultimate Windows Security
Guest Lectures from Industry Experts
Events and Seminars from regional entities such as Atlantec, ITAG and other RSF collaborators.
Additional Information
Online platforms such as Azure, AWS, SIREN will facilitate online delivery of module elements.
Programme Membership
GA_KCYOC_N09 202000 Certificate in Cybersecurity Operations
GA_KCYOC_V09 202000 Master of Science in Cybersecurity Operations
COMP09028
Programming for Cybersecurity
Mandatory Delivered in Stage 5 Year Long
Full Title: Programming for Cybersecurity
Status: Uploaded to Banner
Start Term: 2020
NFQ Level: 09
ECTS Credits: 10
Module Code: COMP09028
Duration: Stage - (26 Weeks)
Grading Mode: Numeric
Department: Business, Humanities and Tech
Module Author: Andrew Beatty
Co Authors: Seamus Dowling
Module Description
An introduction to automating computer tasks using scripting languages and solving problems using programming languages, with a focus on
cyber-security.
Learning Outcomes
On completion of this module the learner will/should be able to:
1. Design scripts to automate cybersecurity tasks.
2. Design and develop algorithms to solve computational problems.
3. Develop complex scripts using programming techniques.
4. Analyse and visualise metadata that has been extracted from a variety of sources.
5. Design and develop algorithms to identify vulnerabilities.
6. Analyse and evaluate areas in cybersecurity that can be automated and develop the algorithms to accomplish it.
Indicative Syllabus
Scripting
    Command Line Interfaces
    Read, Evaluate, Print, Loop environments
    Command line arguments
    Scripts to automate tasks
    Environment variables
    Input/Output redirection
    Background and foreground jobs
    Regular expressions
Development environments and toolchains
    Programming/scripting text editors
    Integrated development environments
    Distributed version control software
Programming techniques
    Reading documentation
    Statements
    Comments
    Constants and variables
    Conditionals
    Loops
    Functions
    File Input/Output
    Reshaping data structures
    Unzipping arrays
    Slicing
    Calculating descriptive statistics
Networking and Security
    Develop Python scripts for automating security and pentesting tasks
    Python standard library's main modules used for performing security-related tasks
    Explore processes for detecting and exploiting vulnerabilities in servers
    Identify vulnerabilities in web applications with Python
Data Analysis
    Normalisation of data
    Automate analytical tasks and the extraction of information from servers
    Extracting metadata and forensics
    Visualisation
Integration
    APIs
    Cybersecurity tools
    Using external modules (AI, statistical analysis, data visualisation)
Teaching and Learning Strategy
Online delivery.
At the start of all modules lecturers will schedule a webinar detailing how to communicate with the lecturer and other students (email and forums).
It will be highlighted that some assessment activities will require collaboration on the virtual learning environment (VLE) or other channels.
Lecturers will interact with students on the VLE forum.
Lecturers will lead by example by posting comments on their comments and facilitate discussion by posting links to relevant and interesting
material. Timely feedback will be given on assessment submissions. Lecturers will encourage discussion around their solutions versus others.
Live (and recorded) webinars will be posted as links and will be continuously referred to during the module. The following information will be
posted on Moodle: tasks, expected deliverables, deadlines, assessment materials and other sources to complete assessment.
Social presence is encouraged for online delivery and requires facilitation by lecturers. This will involve an initial get-to-know-you webinar.
Forum discussions will ensure that all students share a little about themselves. Students in the same geographic area will be encouraged to
collaborate. This overlaps with both the cognitive and teaching presences. Periodic webinars will be scheduled with specific ‘agenda’
points to be discussed. Students will need to prepare for these webinars by completing e-tivities in advance, and discuss their findings during
the webinar. Students will be encouraged to use their own social networking groups whereby they can get instant notifications of comments
and can contribute to discussions.
Cognitive presence will be assessed and monitored for online delivery. This should be an iterative process whereby students will demonstrate
their growing knowledge of Incident Detection and Response concepts. Constant feedback and participation by the lecturer (on social
platforms, forums and VLE) and feedback on their performance of past assessment items will be provided.
Teaching presence is relevant for online delivery and should engage and challenge the student. They should want to pursue the next task and
apply what they have learned. Online lab practical tasks will assess elements of all modules. Intermittent quizzes and reflective activities will
also be posted although these will not contribute to assessment marks.
Independent Learning: Allied to the Approved Programme Schedule hours students will be required to pursue Independent Learning as part
of the module.
Assessment Strategy
Assessment will be aligned with both the learning outcomes and the taught content. This will provide learners with a purposeful and fair view of
assessment. Where possible, assessment will not only be of learning but also for learning – providing an opportunity for formative feedback
allowing students to improve their learning.
Learners will be provided with opportunities during delivery and at the end to provide evidence of having achieved each learning outcome.
Learners will also be provided with opportunities to assess their own learning, and to compare it to that of their peers.
Assessment design will seek a balance between providing learners freedom to demonstrate their own personal learning while ensuring they
have achieved the requisite skills, knowledge, and competencies. Where feasible, a common theme will link individual assessment
components. This will provide a narrative for students to discuss the assessment with others and help them to develop a portfolio of work for
use in their future career.
Repeat Assessment Strategies
Learners will be given the opportunity to provide further evidence that they have achieved all learning outcomes of the module. This may be in
the form of a new assessment, completion of a previously given assessment, a written paper, or a combination of these.
The appropriate repeat assessment mechanism will be determined by the lecturer and, where possible, in discussion with the student. The
student will be informed of the requirements of the repeat assessment in a timely manner so that the student has the opportunity to discuss
and clarify the requirements with the lecturer.
Indicative Coursework and Continuous Assessment: 100 %
Form | Title | Percent | Week (Indicative) | Learning Outcomes
Assignment | Continuous Assessment | 40 % | OnGoing | 1,5,6
Project | Project | 60 % | End of Term | 1,2,3,4,5,6
Online Learning Delivery Mode Average Weekly Workload: 4.00 Hours
Type | Description | Location | Hours | Frequency | Weekly Avg
Lecture | Online Lecture | Online | 2 | Weekly | 2.00
Practical | Practical | Online | 2 | Weekly | 2.00
Required Reading Book List
Codings, Z., (2019). Computer Programming And Cyber Security for Beginners. Independently Published.
ISBN 1671532902 ISBN-13 9781671532908
Recommended Reading Book List
Matthes, E., (2019). Python Crash Course. 1st Edition. No Starch Press.
ISBN 1593279280 ISBN-13 9781593279288
Ramalho, L., (2015). Fluent Python. O'Reilly Media.
ISBN 1491946008 ISBN-13 9781491946008
Ortega, J., (2018). Mastering Python for Networking and Security.
ISBN 1788992512 ISBN-13 9781788992510
Matthes, E., (2019). Python Crash Course.
ISBN 9781593279288 ISBN-13 1593279280
Online Resources
https://www.python.org/
https://www.gnu.org/software/bash/
https://git-scm.com/
http://pandas.pydata.org/
http://www.numpy.org/
Programme Membership
GA_KCYOC_N09 202000 Certificate in Cybersecurity Operations
GA_KCYOC_V09 202000 Master of Science in Cybersecurity Operations
TECH09010
Security Operations
Mandatory Delivered in Stage 5 Year Long
Full Title Security Operations
Status Uploaded to Banner Start Term 2020
NFQ Level 09 ECTS Credits 10
Module Code TECH09010 Duration 26 Weeks - (26 Weeks)
Grading Mode Numeric Department Business, Humanities and Tech
Module Author Mark Frain
Module Description
An organization endeavours to secure its Information Technology Architecture against threats. Secure Operations Management ensures the
elements of this architecture, Network, Operating Systems and Server Technology are configured and secured correctly and compliant with
relevant frameworks. Implementing robust defences is the best method to mitigate against threats. Preparedness for an incident is as
important as incident response.
Learning Outcomes
On completion of this module the learner will/should be able to:
1. Critically evaluate, design and implement the planning, scoping and reconnaissance phases associated with penetration testing.
2. Critically evaluate existing tools and techniques and develop new best practices for Vulnerability Management and Endpoint Protection.
3. Analyse and document measures, concepts and methods that apply to Security Governance, Strategic Planning and Organizational
Structure.
4. Design and implement appropriate measures and controls that an organisation can deploy to harden devices, networks and operating
systems against threats.
5. Conduct appropriate research and undertake the design and development of appropriate measures and controls that an organisation can
deploy to improve threat mitigation capabilities and ensure compliance with relevant frameworks.
Indicative Syllabus
Secure Operations Centre (SOC) – 10%
Elements of a SOC – role of a Cybersecurity Analyst, Security Information and Event
Management (SIEM) - Security Orchestration, Automation and Response (SOAR).
Cyber Security Architecture – 15%
Cyber Security Architectures - Features, Roles and Responsibilities, Policies,
Components of Cyber Security Frameworks, Monitor and Manage compliance with relevant standards — Information Security Standards,
Cybersecurity Frameworks, NIST, ISO 27001.
Security Governance, Strategic Planning, Organizational Structure, Roles and Responsibilities, Integration with Enterprise Architecture,
Policies and Guidance
Cyber Security Data – 15%
Network Security Data – ELK (Common Data Platform - Elasticsearch, Logstash, and Kibana) – Security Logs - Identify assets,
Vulnerabilities and Threats.
Security Policies, Regulations and Standards – Company Policy, Employee Policy, Security Policy.
Identity and Access control models – Authentication, Authorization, Access.
System Hardening – 25%
Network Hardening – Network Protocols - Network Services - Network Devices - Network Security Infrastructure – NTP, VPN.
OS Hardening – OS vulnerabilities, OS architecture, Processes, Threads, Services, CLI, PowerShell – netstat, local security policy
Server Hardening
Threat/Vulnerability Management and Endpoint Protection – 20%
Threat and Vulnerability management, Vulnerability scanning - Remediating actions and implementing remediating actions.
Endpoint Security and Vulnerability Scoring and Assessment - Identify Attack surface – Sandbox Analysis (Cuckoo Sandbox), MITRE
ATT&CK Framework, Common Vulnerability Scoring System - Attack vector, Attack complexity, Privileges required, User interaction.
Incident Response and Recovery Services, Endpoint Detection and Recovery. Disaster Recovery Planning, Backup and Recovery.
Penetration Testing Principles – 10%
Reconnaissance Techniques - Obtaining basic DNS information (Whois, nslookup), performing zone transfers (dig), DNS interrogation.
Scanning Techniques - Port scanning, network mapping and OS fingerprinting (nmap).
Exploitation & Backdoors - Exploitation frameworks (Metasploit), Backdoor kits (BO2K), Exploit crafting.
Secure Coding – 5%
White box and black box Threat Modelling. Reviewing code with a view to locating specific vulnerability patterns.
Teaching and Learning Strategy
Online delivery.
In the online delivery format, the module will be delivered via both synchronous and asynchronous online methods. At the start of the module
there will be a scheduled webinar detailing how to communicate with lecturer and other students (email and forums). It will be highlighted that
some assessment activities will require collaboration on the virtual learning environment (VLE/LearnOnLine) or other channels.
There will be weekly live video lectures available in addition to the asynchronous lecture notes, chats, blogs, email available through VLE. It is
also intended to include live webinars from external guest lecturers with specific expertise in areas of Cybersecurity. Lecturers will lead by
example by posting comments on their comments and facilitate discussion by posting links to relevant and interesting material. Timely
feedback will be given on assessment submissions. Lecturers will encourage discussion around their solutions versus others.
Cognitive presence will be ‘assessed’ and monitored for online/blended delivery. This should be an iterative process whereby students will
demonstrate their growing knowledge of the topic area. Constant feedback and participation by the lecturer (on social platforms, online and
VLE) and feedback on their performance of past assessment items, will be provided.
It is recognised that potential students will come from diverse industry/cybersecurity settings, and as such will bring their own unique
experiences and challenges to the learning environment. In this context, online class discussions/blogs will be very much encouraged to
facilitate a shared learning experience.
Information concerning the nature and timing of continuous assessment will be reviewed and agreed with learners and external examiners at
the beginning of the academic year. Marking criteria, deadlines and expectations will also be provided to the learner in advance. Constructive
feedback will be provided in a timely manner and in an appropriate format.
Assessment Strategy
The module will be assessed in line with GMIT’s Code of Practice No. 3; Marks and Standards. It is intended that learning outcomes will be
assessed through 100% continuous assessment. The learner will be assessed on their practical ability and theoretical knowledge of the Secure
Cyber Operations Environment.
The continuous assessment elements will focus on compliance with relevant cybersecurity frameworks, assessment of risk and vulnerability
assessment, and penetration testing. Assessments will take the form of both an online Multiple Choice Quiz (MCQ) (30%), and an individual
online project submission (40%). The MCQ assessment is designed such that each student is presented with a unique random question set.
The assessments will be moderated by an elected external examiner.
Information concerning the nature and timing of continuous assessment will be reviewed and agreed with learners and external examiners at
the beginning of the academic year. Marking criteria, deadlines and expectations will also be provided to the learner in advance. Constructive
feedback will be provided in a timely manner and in an appropriate format.
Repeat Assessment Strategies
Repeat facilities will be accommodated in line with GMIT Code of Practice No. 3 Student Assessment: Marks & Standards procedures and in
compliance with programme board decisions.
Decisions on the nature of assessment will be linked to the need to achieve particular learning outcomes. They may be in the form of a written
assessment, project or other relevant assessment. Individuals may be interviewed or asked to present their work in a formal student
conference context to prove authenticity and ownership of work.
Indicative Coursework and Continuous Assessment: 100 %
Form | Title | Percent | Week (Indicative) | Learning Outcomes
Assessment | Assignment 1 - Vulnerability Assessment - Penetration Testing | 30 % | Week 7 | 1,2,3
Assessment | Assignment 2 - System Hardening - Security Policies | 30 % | Week 14 | 1,2,3,4,5
Project | Project | 40 % | Week 20 | 1,2,3,4,5
Online Learning Delivery Mode Average Weekly Workload: 4.00 Hours
Type | Description | Location | Hours | Frequency | Weekly Avg
Online Learning | Online asynchronous delivery of content, via live & recorded webinars & interactions, video, audio and assignments. | Online | 4 | Weekly | 4.00
Required Reading Book List
Stallings, W., (2018). Effective Cybersecurity. Addison-Wesley Professional.
ISBN 0134772806 ISBN-13 9780134772806
Scott, S., (2015). Enterprise Cybersecurity. Apress.
ISBN 9781430260837 ISBN-13 1430260831
Schoenfield, B., (2015). Securing Systems. Edition. CRC Press.
ISBN 1482233975 ISBN-13 9781482233971
Online Resources
https://www.nist.gov/cyberframework
http://www.isaca.org
http://www.isc2.org
http://www.nist.gov
http://www.sans.org
http://www.iso.org
Programme Membership
GA_KCYOC_N09 202000 Certificate in Cybersecurity Operations
GA_KCYOC_V09 202000 Master of Science in Cybersecurity Operations