Module Database Search
| MODULE DESCRIPTOR | |||
|---|---|---|---|
| Module Title | |||
| Security Operations | |||
| Reference | CMM011 | Version | 1 |
| Created | May 2022 | SCQF Level | SCQF 11 |
| Approved | June 2022 | SCQF Points | 15 |
| Amended | ECTS Points | 7.5 | |
| Aims of Module | |||
|---|---|---|---|
| To provide students with the ability to evaluate and apply the methods, tools and techniques used in Security/Network Operations Centres (SOC/NOC). | |||
| Learning Outcomes for Module | |
|---|---|
| On completion of this module, students are expected to be able to: | |
| 1 | Critically analyse the architecture, protocols, threats and vulnerabilities of a typical enterprise network. |
| 2 | Critically analyse key incident events reported by the security incident event management system. |
| 3 | Apply appropriate tools and techniques to respond to cyber security incidents or threats. |
| 4 | Document cyber security incidents and responses. |
| Indicative Module Content |
|---|
| OSI model. Fundamentals of LAN design and configuration. Common networking protocols. Main threats and vulnerabilities. Security knowledge management (CVE, CVSS, CWE, Mitre ATT&CK). Data sources: network and host data sources (e.g., pcap, netflow, dns, server logs). Basics of network monitoring and intrusion detection. SIEM - Security Incident Event Management (e.g., Alien Vault OSSIM). Alert correlation. Incident management planning, incident handling, disaster recovery, crisis management, legal/business, team management. Legal requirements (e.g., GDPR, Computer Misuse act). Data collection, Reporting and Analysis. |
| Module Delivery |
|---|
| This module is taught using a structured programme of lectures, practical sessions, web-based learning materials, web-based activities, practical exercises and student-centred learning. |
| Indicative Student Workload | Full Time | Part Time |
|---|---|---|
| Contact Hours | 30 | 30 |
| Non-Contact Hours | 120 | 120 |
| Placement/Work-Based Learning Experience [Notional] Hours | N/A | N/A |
| TOTAL | 150 | 150 |
| Actual Placement hours for professional, statutory or regulatory body |
| ASSESSMENT PLAN | |||||
|---|---|---|---|---|---|
| If a major/minor model is used and box is ticked, % weightings below are indicative only. | |||||
| Component 1 | |||||
| Type: | Coursework | Weighting: | 100% | Outcomes Assessed: | 1, 2, 3, 4 |
| Description: | A case study report. | ||||
| MODULE PERFORMANCE DESCRIPTOR | |
|---|---|
| Explanatory Text | |
| To achieve a pass in this module requires a minimum of Grade D in Component 1. | |
| Module Grade | Minimum Requirements to achieve Module Grade: |
| A | A in Component 1 |
| B | B in Component 1 |
| C | C in Component 1 |
| D | D in Component 1 |
| E | E in Component 1 |
| F | F in Component 1 |
| NS | Non-submission of work by published deadline or non-attendance for examination |
| Module Requirements | |
|---|---|
| Prerequisites for Module | None, in addition to course entry requirements for School of Computing MSc students. For short course students: previous computing experience is beneficial. |
| Corequisites for module | None. |
| Precluded Modules | None. |
| INDICATIVE BIBLIOGRAPHY | |
|---|---|
| 1 | Blue Team Handbook: SOC, SIEM, and Threat Hunting (V1.02): A Condensed Guide for the Security Operations Team and Threat Hunter Paperback – 25 Mar. 2019 |
| 2 | Security Operations Center - SIEM Use Cases and Cyber Threat Intelligence Hardcover – 24 Mar. 2018 |
| 3 | Security Operations Center - Analyst Guide: SIEM Technology, Use Cases and Practices Paperback – 22 May 2016 by Arun E Thomas |
| 4 | JARPEY, G., McCoy, R. S., 2017. Security Operations Center Guidebook: A Practical Guide for a Successful SOC. Elsevier. |
| 5 | THOMPSON, E. C., 2018. Cybersecurity Incident Response: How to Contain, Eradicate, and Recover from Incidents. Apress. |
| 6 | DAVIES, G., 2020. Networking Fundamentals: develop the networking skills required to pass the Microsoft MTA networking fundamentals exam 98-366. Packt Publishing. |