Course Title: Evaluate and test an incident response plan for an enterprise
Part B: Course Detail
Teaching Period: Term1 2024
Course Code: INTE5067
School: 520T Future Technologies
Campus: City Campus
Program: C4424 - Certificate IV in Cyber Security
Course Contact: Michael Barton
Course Contact Phone: +61 3 9925 1409
Course Contact Email: michael.barton2@rmit.edu.au
Name and Contact Details of All Other Relevant Staff
Nominal Hours: 40
Nominal hours, regardless of the mode of delivery, represent a guide to the relative teaching time and student effort required to successfully achieve a particular competency/module. This may include not only scheduled classes or workplace visits but also the amount of effort required to undertake, evaluate and complete all assessment requirements, including any non-classroom activities.
Pre-requisites and Co-requisites
None
Course Description
In this course you will gain the knowledge and skills required to examine an organisation’s existing incident response plan (IRP) and expand it as necessary to deal with incidents more thoroughly.
National Codes, Titles, Elements and Performance Criteria
National Element Code & Title: VU23221 Evaluate and test an incident response plan for an enterprise
Element: 1 Form an incident response team
Performance Criteria:
1.1 Members to form incident response team (IRT) are recruited
1.2 IRT members' roles and responsibilities are defined
1.3 Communication strategies and reporting hierarchy for the IRT within the organisation are determined
1.4 Business implications to the organisation of cyber incidents are articulated to the IRT
Element: 2 Define red, blue and purple team tasks
Performance Criteria:
2.1 Fundamental red teaming activities for incident responses are created
2.2 Fundamental blue teaming activities for incident responses are created
2.3 Fundamental purple teaming activities are defined
Element: 3 Plan the implementation of the organisation's incident response plan (IRP)
Performance Criteria:
3.1 Organisation's incident management plan is evaluated
3.2 Services the IRT will provide are defined
3.3 Response plans to a range of incidents are developed
3.4 Reporting procedures for incident handling are developed
3.5 Processes for collecting and protecting evidence during incident responses are developed
3.6 Incident response exercises and red-teaming activities are created
3.7 Incident response staffing and training requirements are specified
Element: 4 Implement the IRP for prescribed incidents
Performance Criteria:
4.1 Red-teaming activities are executed for the range of incident responses
4.2 Response to the incidents is reported
4.3 Incident response evidence is collected, processed and preserved in accordance with the organisation's guidelines
4.4 Strategy of blue-teaming activities to mitigate the incident responses are discussed and evaluated
4.5 Incident management measures are collected, analysed and reported
Element: 5 Evaluate the IRP
Performance Criteria:
5.1 Improvements learnt from the IRP activities are implemented
5.2 Effectiveness of red teaming and incident response tests, training and exercises are examined and modified as required
5.3 Communication between incident response team and organisation's management are assessed for effectiveness and changes implemented if required
Learning Outcomes
On successful completion of this course you will have developed and applied the skills and knowledge required to demonstrate competency in the above elements.
Details of Learning Activities
VU23220 - Develop a cyber security industry project.
VU23221 - Evaluate and test an incident response plan for an enterprise
By the end of this course, you will be able to:
- develop a network security infrastructure (project) and
- prepare an implementation plan that leads to a solution
- organize a work team
- function and solve problems in a work team environment
- gather resources for project implementation
- test resources for functionality and operation as required
- implement project according to the provided design
- test the system for functionality
- conduct team activities and evaluate team performance
- prepare project documentation and make a presentation to the client
Teaching Schedule
Week 1 | 12-16 Feb 2024 | Introduction to Installing Virtual Machines | Learn why networks and data are attacked. Learn how to prepare for a career in cybersecurity operations |
Week 2 | 19-23 Feb 2024 | Introduction to Security Testing | Introduction to Security Testing |
Week 3 | 26 Feb to 1 March 2024 | Introduction to Network Scanning Research Assignment | Introduction to Network Scanning. Research assignment due week 10 |
Week 4 | 4-8 March 2024 | Introduction to Network Reconnaissance | Introduction to Network Reconnaissance |
Week 5 | 11-15 March 2024 | Introduction to Virtualisation | Introduction to Virtualisation |
Week 6 | 18-22 March 2024 | Introduction to Wireless Security | Introduction to Wireless Security |
Week 7 | 25-29 March 2024 | Introduction to IPS, IDS and Firewalls | Introduction to IPS, IDS and Firewalls |
1 April 2024 | Mid-semester break | Mid-semester break | |
Week 8 | 8-12 April 2024 | Introduction to Understanding Defence | Introduction to Understanding Defence. Start groups and Final Assignment |
Week 9 | 15-19 April 2024 | Introduction to Team Development and Final Lab Setup | Introduction to Team Development and Final Lab Setup |
Week 10 | 22-26 April 2024 | Introduction to Tender Response Fundamentals and Final Lab Setup | Introduction to Tender Response Fundamentals and Final Lab Setup |
Week 11 | 29 April – 3 May 2024 | Introduction to Assessment Day 1 and SOC Models | Introduction to Assessment Day 1 and SOC Models. Final assignment |
Week 12 | 6-10 May 2024 | Introduction to Assessment Day 2 and Network Design | Introduction to Assessment Day 2 and Network Design. Final assignment |
Week 13 | 13-17 May 2024 | Introduction to Assessment Day 3 and Incident Response | Introduction to Assessment Day 3 and Incident Response. Final assignment |
Week 14 | 20-25 May 2024 | Introduction to Assessment Day 4 and Red Blue Teams | Introduction to Assessment Day 4 and Red Blue Teams. Final assignment |
Week 15 | 27-31 May 2024 | Introduction to Assessment Day 5 Threat Intelligence | Introduction to Assessment Day 5 Threat Intelligence. Final assignment |
Week 16 | 3-7 June 2024 | Assessment Catchup | |
Week 17 | 10-14 June 2024 | Assessment Catchup | |
Learning Resources
Prescribed Texts
References
Other Resources
A computer with at least 16 GB of RAM and an i5 processor or equivalent.
Overview of Assessment
Assessment for this course is ongoing throughout the semester. Your knowledge and understanding of course content is assessed through participation in class exercises, oral/written presentations and through the application of learned skills and insights. Full assessment briefs will be provided and can be found on CANVAS.
Assessment Tasks
1 knowledge assessment
2 practical team assessments
Assessment Matrix
1 knowledge assessment
2 practical team assessments
Other Information
Knowledge of virtual machines