Unit code: R/617/1168
RQF level: 3
Aim
Investigations and Incident Response are different operations within the discipline of Information Security; however, they are closely related. In this unit the learner will study the investigative techniques used to identify and investigate suspicious computer incidents. Learners will learn about the essential roles, responsibilities, tasks and sub-disciplines within Incident Response. The learner will become familiar with the essential functions of Computer Emergency Response Teams (CERTs) and Incident Response (IR), Disaster Recovery Planning and Business Continuity Management (BCM), including documentation and review. The learner will also explore investigations as a discipline and how the approaches and concepts of investigations (such as forensics and seizure) can be applied to an ICT incident. All unit sections will include descriptions and suggestions about relevant SIEM, Incident Response and Investigations tools. Many of these monitoring and recovery tools can be used to conduct workplace investigations in an ethical and professional manner. A range of case studies for business and public sector/government organisations will be used throughout this unit.
Learning Outcomes and Assessment Criteria
| Learning Outcomes. To achieve this unit a learner must be able to: | Assessment Criteria. Assessment of these outcomes demonstrates a learner can: |
|---|---|
| 1. Understand the core phases, tools and processes of Incident Response and putting together a CERT | 1.1 Explain the terms Incident Response and CERT |
| | 1.2 Explain key information, stages and personnel to be included in any professional IR plan |
| | 1.3 Describe how CERTs are put together and who is included |
| 2. Understand Disaster Recovery (DR) and Business Continuity Management (BCM) as disciplines to support a cyber incident response team | 2.1 Explain the terms Disaster Recovery (DR) and Business Continuity Management (BCM) |
| | 2.2 Analyse how BCM and DR considerations are applied to an overall organisational computer IR plan |
| 3. Understand how organisations can investigate major incidents related to suspected cyber security attacks | 3.1 Apply the rules and principles of investigation to an Incident Response to ensure that potential evidence is successfully recovered and stored in an uncontaminated manner |