Course Title: Evaluate and test an incident response plan for an enterprise

Part B: Course Detail

Teaching Period: Term2 2024

Course Code: INTE5067

Course Title: Evaluate and test an incident response plan for an enterprise

School: 520T Future Technologies

Campus: City Campus

Program: C4424 - Certificate IV in Cyber Security

Course Contact: Michael Barton

Course Contact Phone: +61 3 9925 1409

Course Contact Email: michael.barton2@rmit.edu.au


Name and Contact Details of All Other Relevant Staff

Nominal Hours: 40

Regardless of the mode of delivery, represent a guide to the relative teaching time and student effort required to successfully achieve a particular competency/module. This may include not only scheduled classes or workplace visits but also the amount of effort required to undertake, evaluate and complete all assessment requirements, including any non-classroom activities.

Pre-requisites and Co-requisites

None

Course Description

In this course you will gain the knowledge and skills required to examine an organisation’s existing incident response plan (IRP) and expand it as necessary to deal with incidents more thoroughly


National Codes, Titles, Elements and Performance Criteria

National Element Code & Title:

VU23221 Evaluate and test an incident response plan for an enterprise

Element:

1 Form an incident response team

Performance Criteria:

1.1 Members to form incident response team (IRT) are recruited

1.2 IRT members roles and responsibilities are defined

1.3 Communication strategies and reporting hierarchy for the IRT within the organisation are determined

1.4 Business implications to the organisation of cyber incidents are articulated to the IRT

Element:

2 Define red, blue and purple team tasks

Performance Criteria:

2.1 Fundamental red teaming activities for incident responses are created

2.2 Fundamental blue teaming activities for incident responses are created

2.3 Fundamental purple teaming activities are defined

Element:

3 Plan the implementation of the organisation's incident response plan (IRP)

Performance Criteria:

3.1 Organisation's incident management plan is evaluated

3.2 Services the IRT will provide are defined

3.3 Response plans to a range of incidents are developed

3.4 Reporting procedures for incident handling are developed

3.5 Processes for collecting and protecting evidence during incident responses are developed

3.6 Incident response exercises and red-teaming activities are created

3.7 Incident response staffing and training requirements are specified

Element:

4 Implement the IRP for prescribed incidents

Performance Criteria:


4.1 Red-teaming activities are executed for the range of incident responses

4.2 Response to the incidents is reported

4.3 Incident response evidence is collected, processed and preserved in accordance with the organisation's guidelines

4.4 Strategy of blue-teaming activities to mitigate the incident responses are discussed and evaluated

4.5 Incident management measures are collected, analysed and reported

Element:

5 Evaluate the IRP

Performance Criteria:


5.1 Improvements learnt from the IRP activities are implemented

5.2 Effectiveness of red teaming and incident response tests, training and exercises are examined and modified as required

5.3 Communication between incident response team and organisations management are assessed for effectiveness and changes implemented if required


Learning Outcomes


On successful completion of this course you will have developed and applied the skills and knowledge required to demonstrate competency in the above elements. 


Details of Learning Activities

VU23220 - Develop a cyber security industry project. 

VU23221 - Evaluate and test an incident response plan for an enterprise

By the end of this course, you will be able to:

  • develop a network security infrastructure (project) and
  • prepare a implementation plan that leads to a solution
  • organize a work team
  • function and solve problems in a work team environment
  • gather resources for project implementation
  • test resources for functionality and operation as required
  • implement project according to the provided design
  • test the system for functionality
  • conduct team activities and evaluate team performance
  • prepare project documentation and make a presentation to the
    client


Teaching Schedule

WeekDateTopicAssessment / Learning activities
Week 1 15-19 Jul 2024

Introduction to Installing virtual Machines

Learn why networks and data are attacked.

Learn how to prepare for a career in cybersecurity operations

Week 2 22-26 Jul 2024

 

Introduction to Security Testing

Introduction to Security Testing
Week 3 29 Jul to 2nd August 2024

Introduction to Network Scanning

 

Research  Assignment

Introduction to Network Scanning

 

Research assignment due week 10

Week 4 5-9 Aug 2024 Introduction to Network Reconnaissance Introduction to Network Reconnaissance
Week 5

12-16 Aug 2024

Introduction to Virtulisation Introduction to Virtulisation
Week 6

18-22 March 2024

Introduction to Wireless Security Introduction to Wireless Security
Week 7 19-23 Aug 2024 Introduction to IPS,IDS and Firewalls Introduction to IPS,IDS and Firewalls
 

 2024

                                                                                        Mid-semester break                                                                                 Mid-semester break 
Week 8

2-6 Sept 2024

Introduction to Understanding Defence

Introduction to Understanding Defence   

 

 

Start groups and Final Assignment

Week 9 9-13 Sept 2024 Introduction Team Developement and Final lab Setup Introduction Team Developement and Final lab Setup
Week 10

 

16-20 Sept 2024

Introduction to Tender Response Fundamentals and Final lab Setup

Introduction to Tender Response Fundamentals and Final lab Setup

Week 11

23-27 Sept 2024

 

Introduction to Assessment Day 1 and SOC Models

Introduction to Assessment Day 1 and SOC Models

 

Final assignment

Week 12 30 Sept - 4 Oct 2024 Introduction to Assessment Day 2 and Network Design

Introduction to Assessment Day 2 and Network Design

 

Final assignment

Week 13 7-11 Oct 2024 Introduction to Assessment Day 3 and Incident Response

Introduction to Assessment Day 3 and Incident Response

 

Final assignment
Week 14 14-18 Oct 2024 Introduction to Assessment Day 4 and Red Blue Teams

 

Introduction to Assessment Day 4 and Red Blue Teams

 

Final assignment

Week 15 21-25 Oct 2024 Introduction to Assessment Day 5 Threat Intelligence

Introduction to Assessment Day 5 Threat Intelligence

 

 

Final assignment

Week 16 28- oct- 1 Nov 2024

Assessment Catchup

 
Week 17

 4-8 Nov 2024

Assessment Catchup

 

 


Learning Resources

Prescribed Texts


References


Other Resources

A computer with at least 16 gig of ram and an i5 processor or equivalent. 


Overview of Assessment

Assessment for this course is ongoing throughout the semester. Your knowledge and understanding of course content is assessed through participation in class exercises, oral/written presentations and through the application of learned skills and insights. Full assessment briefs will be provided and can be found on CANVAS.


Assessment Tasks

1 knowledge assessment 

2 practical team assessments


Assessment Matrix

1 knowledge assessment 

2 practical team assessments

Other Information

Knowledge  of virtual machines 

Course Overview: Access Course Overview