Unit CSM01: Threat and Risk: Expecting the Unexpected

Unit code: T/617/1163

RQF level: 3

Aim

In this unit the learner will be look at various case studies in recent cyber-attacks on business organisations, public sector agencies and individual victims. They will then conduct analysis will then into the motivations of malicious hackers. This analysis will include basic geopolitical learning, as it relates to the cyber domain, as well as identifying how and why different industry sectors (including Banking and Finance) are particularly vulnerable. Towards the end of the unit the learner will look at the types of hacking undertaken: White Hat hacking, Grey Hat hacking and Black Hat Hacking. Learners will be introduced to concepts such as ‘Threat’, ‘’Risk’, ‘Security Engineering’, ‘Cyber Threat Intelligence’ and ‘Cyber Resilience’.

Learning Outcomes and Assessment Criteria

Learning Outcomes. To achieve this unit a learner must be able to:	Assessment Criteria: Assessment of these outcomes demonstrates a learner can:
1 Understand key business cyber security concepts including ‘threats’ and ‘risks’	1.1 Explain major cyber events and methods of attack that have severely impacted businesses 1.2 Explain sources of cyber security threats and risks
2 Understand effective sources of Cyber Threat Intelligence	2.1 Explain cyber intelligence and the most effective sources 2.2 Explain how organisations can proactively plan and calculate the risks and threats to prioritise remediation (risk-assessment) 2.3 For a chosen global region, review how the IT function within a multinational organisation reports on and plans for cyber security threats and risks
3 Understand the ‘psychology’ of computer misuse and the associated terminology	3.1 Assess the factors that put individuals at risk from a cyber-attack 3.2 Explain the attack-lifecycle 3.3 Describe the potential risks from a deliberate, planned attack, from a malicious hacker or group