Module Database Search
MODULE DESCRIPTOR | |||
---|---|---|---|
Module Title | |||
Security Operations & Incident Management | |||
Reference | CM4142 | Version | 1 |
Created | November 2023 | SCQF Level | SCQF 10 |
Approved | April 2024 | SCQF Points | 15 |
Amended | ECTS Points | 7.5 |
Aims of Module | |||
---|---|---|---|
This module aims to provide students with a strong understanding of Security Operations and Incident Management, covering key concepts like intrusion detection, SIEM, and modern SoC architectural principles. Practical components with hands-on experience using Open-Source Security Information Management (OSSIM) tools provide insights into the complete lifecycle of security operations. |
Learning Outcomes for Module | |
---|---|
On completion of this module, students are expected to be able to: | |
1 | Communicate a critical understanding of the principles underlying Security Operations and Incident Management. |
2 | Illustrate proficiency in incident management by effectively covering planning, response, recovery, and crisis management. |
3 | Develop a robust Security Incident Management System (SIEM) solution for a given scenario. |
4 | Communicate cybersecurity incidents and effective remediation to pertinent stakeholders. |
Indicative Module Content |
---|
Fundamental concepts: Intrusion detection, security information and event management (SIEM), security orchestration, automation and response (SOAR), mape-k architecture; Architectural Principles: Roles of CISOs and Analysts, Cyber-Threat Intelligence (CTI), Information Sharing and Analysis Center (ISAC); Monitoring sources: Network Traffic and traffic Aggregates, Application and System Logs; Analysis Methods & Contribution of SIEM: Data Collection, Alert Correlation, Security Operations and Benchmarking; SIEM Platforms & Countermeasures: Cyber-Threat Intelligence, Situational Awareness; Incident Management (Planning, Response, Post-Incident Activities, Disaster Recovery, Crisis Management); SIEM in Practice: Alien Vault OSSIM, Legal, Business, Team Management, Data Collection, Reporting, Threat Response. |
Module Delivery |
---|
Lectures introduce and illustrate key concepts, while practical skills are honed through a series of laboratory exercises. |
Indicative Student Workload | Full Time | Part Time |
---|---|---|
Contact Hours | 30 | N/A |
Non-Contact Hours | 120 | N/A |
Placement/Work-Based Learning Experience [Notional] Hours | N/A | N/A |
TOTAL | 150 | N/A |
Actual Placement hours for professional, statutory or regulatory body |   |   |
ASSESSMENT PLAN | |||||
---|---|---|---|---|---|
If a major/minor model is used and box is ticked, % weightings below are indicative only. | |||||
Component 1 | |||||
Type: | Coursework | Weighting: | 100% | Outcomes Assessed: | 1, 2, 3, 4 |
Description: | Coursework consisting of both practical and theoretical elements covering all learning outcomes of the module. |
MODULE PERFORMANCE DESCRIPTOR | |
---|---|
Explanatory Text | |
The calculation of the overall grade for this module is based on 100% weighting of Component 1. An overall minimum grade of D is required to pass this module. | |
Module Grade | Minimum Requirements to achieve Module Grade: |
A | The student needs to achieve an A in Component 1 |
B | The student needs to achieve a B in Component 1 |
C | The student needs to achieve a C in Component 1 |
D | The student needs to achieve a D in Component 1 |
E | The student needs to achieve an E in Component 1 |
F | The student needs to achieve an F in Component 1 |
NS | Non-submission of work by published deadline or non-attendance for examination |
Module Requirements | |
---|---|
Prerequisites for Module | CM1131 Cyber Security Fundamentals CM2135 Securing Networks CM3144 Information Risk & Security Management |
Corequisites for module | None. |
Precluded Modules | None. |
INDICATIVE BIBLIOGRAPHY | |
---|---|
1 | McCrie, R., & Lee, S. (2021). Security operations management. Elsevier Science. |
2 | Muniz, J. (2021). The modern security operations center. Addison-Wesley Professional. |
3 | Anson, S. (2020). Applied incident response. John Wiley & Sons. |
4 | Wang, P., & Johnson, C. (2018). Cybersecurity incident handling: a case study of the Equifax data breach. Issues in Information Systems, 19(3) |
5 | Pemble, M. W. A., & Goucher, W. F. (2018). The CIO’s Guide to Information Security Incident Management. CRC Press. |
6 | Don Murdoch, D., (2019). Blue Team Handbook: SOC, SIEM, and Threat Hunting (V1.02): A Condensed Guide for the Security Operations Team and Threat Hunter. Blue Team Handbook |
7 | Arun E Thomas, A., (2018). Security Operations Center - SIEM Use Cases and Cyber Threat Intelligence. Arun E Thomas |