Course Title: Gather, analyse and interpret threat data

Part B: Course Detail

Teaching Period: Term 1 2024

Course Code: INTE5053C

Course Title: Gather, analyse and interpret threat data

Important Information:

Please note that this course may have compulsory in-person attendance requirements for some teaching activities.  

To participate in any RMIT course in-person activities or assessment, you will need to comply with RMIT vaccination requirements which are applicable during the duration of the course. This RMIT requirement includes being vaccinated against COVID-19 or holding a valid medical exemption.  

Please read this RMIT Enrolment Procedure as it has important information regarding COVID vaccination and your study at RMIT: https://policies.rmit.edu.au/document/view.php?id=209.  

Please read the Student website for additional requirements of in-person attendance: https://www.rmit.edu.au/covid/coming-to-campus  

 

Please check your Canvas course shell closer to when the course starts to see if this course requires mandatory in-person attendance. The delivery method of the course might have to change quickly in response to changes in the local state/national directive regarding in-person course attendance.

School: 520T Future Technologies

Campus: City Campus

Program: C5402 - Diploma of Information Technology

Course Contact: Syed Zohaib

Course Contact Phone: +61399254448

Course Contact Email: syed.zohaib@rmit.edu.au


Name and Contact Details of All Other Relevant Staff

Nominal Hours: 40

Regardless of the mode of delivery, nominal hours represent a guide to the relative teaching time and student effort required to successfully achieve a particular competency/module. This may include not only scheduled classes or workplace visits but also the amount of effort required to undertake, evaluate and complete all assessment requirements, including any non-classroom activities.

Pre-requisites and Co-requisites

None

Course Description

In this course you will gain the skills and knowledge required to gather data from various sources, analyse, and interpret information for threats, inconsistencies and discrepancies.


National Codes, Titles, Elements and Performance Criteria

National Element Code & Title:

ICTCYS407 Gather, analyse and interpret threat data

Element:

1. Gather threat data

Performance Criteria:


1.1 Identify legislative requirements and organisational policies and procedures to gather, analyse and interpret threat data

1.2 Identify security equipment on network and data sources

1.3 Discuss and confirm data log requirements and strategy to process data with required personnel

1.4 Collect information from alerts, logs and reported events and create a dataset according to organisational policies and procedures

Element:

2. Analyse threat data

Performance Criteria:

2.1 Ingest data logs into analytic platform according to user instructions

2.2 Obtain and analyse results for reliability and consistency

2.3 Check for false positives and false negative results

2.4 Detect and describe discrepancies and inconsistencies in data

Element:

3. Interpret and finalise threat data

Performance Criteria:

3.1 Discuss and review threat data and results with required personnel

3.2 Discuss and assess identified threats, risks and their likelihood of occurrence and impacts of risks

3.3 Suggest and confirm lessons learnt, action steps, recommendations and mitigation strategies with required personnel

3.4 Document results, findings and recommendations into report according to organisational procedures

3.5 Distribute documentation to required personnel and store according to organisational policies and procedures


Learning Outcomes


On successful completion of this course you will have developed and applied the skills and knowledge required to demonstrate competency in the above elements. 


Details of Learning Activities

This unit describes the skills and knowledge required to gather data from various sources, analyse, and interpret information for threats, inconsistencies and discrepancies.

It applies to individuals who work in information technology security, including network and security specialists, and gather logs from devices, check abnormalities and respond accordingly. These individuals are responsible for supporting and preventing cyber threats attacking data in all business functions and in any industry context.

No licensing, legislative or certification requirements apply to this unit at the time of publication.


Teaching Schedule

Subject to change

 

Week | Topic | Assessment / Learning activities
Week 0 | Any Course Concerns |
Week 1 | Identify legislative requirements | AT 1 - Q38; AT 2 - Part 1; Release: Assessment 1 Knowledge Test
Week 2 | Identify organisational policies and procedures to gather, analyse and interpret threat data | AT 1 - Q34, Q35, Q36, Q37, Q39; AT 2 - Part 1
Week 3 | Identify security equipment on network and data sources | AT 1 - Q35; AT 2 - Part 1
Week 4 | Security Information and Event Management (SIEM) / Discuss and confirm data log requirements | AT 1 - Q11, Q12, Q13, Q14; AT 2 - Part 1
Week 5 | Types of attacks, including: Denial-of-service attack (DDOS), SQL injection (SQLi), Cross-site scripting (XSS) attacks, Scripted attacks, Hardware attacks, Attacks against Wi-Fi / Discuss strategy to process data with required personnel | AT 1 - Q22, Q23, Q24, Q25, Q26, Q15; AT 2 - Part 1, Part 2, Part 3
Week 6 | Collect information from alerts, logs and reported events | AT 2 - Part 1
Week 7 | Legislative requirements applicable to gathering, analysing and interpreting threat data | AT 2 - Part 1, Part 2 and Part 3; Release: Assessment 2 Practical Task
Week 8 | Create a dataset according to organisational policies and procedures | AT 1 - Q13, Q16; AT 2 - Part 2
Week 9 | Ingest data logs into analytic platform according to user instructions | AT 1 - Q16; AT 2 - Part 2; Due: Assessment 1 Knowledge Test
Week 10 | Obtain and analyse results for reliability and consistency; Check for false positives and false negative results | AT 1 - Q16; AT 2 - Part 2
Week 11 | Detect and describe discrepancies and inconsistencies in data | AT 1 - Q17; AT 2 - Part 2
Week 12 | Discuss and review threat data and results with required personnel | AT 2 - Part 2
Week 13 | Discuss and assess identified threats, risks and their likelihood of occurrence and impacts of risks | AT 1 - Q27, Q28, Q29, Q30, Q33; AT 2 - Part 2
Week 14 | Suggest and confirm lessons learnt, action steps, recommendations and mitigation strategies with required personnel | AT 1 - Q34; AT 2 - Part 3; Due: Assessment 2 Practical Task
Week 15 | Document results, findings and recommendations into a report according to organisational procedures; Distribute documentation to required personnel and store it according to organisational policies and procedures | AT 2 - Part 3
Week 16 | Assessment Re-Submissions (if applicable) |
Week 17 | Assessment Re-Submissions (if applicable) |
Week 18 | Finalize Results |

 


Learning Resources

Prescribed Texts


References


Other Resources

You must have the latest version of Packet Tracer installed on your personal computer.

All assessments must be backed up on OneDrive, an external hard drive or an RMIT network drive.


Overview of Assessment

Assessment for this course is ongoing throughout the semester. Your knowledge and understanding of course content is assessed through participation in class exercises, oral/written presentations and through the application of learned skills and insights. Full assessment briefs will be provided and can be found on Canvas.


Assessment Tasks

Assessment Task 1: Knowledge Test

Assessment Task 2: Practical Task


Assessment Matrix

Element | Performance criteria | Assessment Task 1: AT 1 | Assessment Task 2: AT 2
1. Gather threat data | 1.1 Identify legislative requirements and organisational policies and procedures to gather, analyse and interpret threat data | Q34, Q35, Q36, Q37, Q38, Q39 | Part 1
 | 1.2 Identify security equipment on network and data sources | Q35 | Part 1
 | 1.3 Discuss and confirm data log requirements and strategy to process data with required personnel | Q14, Q15, Q36, Q37 | Part 1
 | 1.4 Collect information from alerts, logs and reported events and create a dataset according to organisational policies and procedures | Q14, Q15, Q36, Q37 | Part 1
2. Analyse threat data | 2.1 Ingest data logs into analytic platform according to user instructions | Q13, Q16 | Part 2
 | 2.2 Obtain and analyse results for reliability and consistency | Q16 | Part 2
 | 2.3 Check for false positives and false negative results | Q16 | Part 2
 | 2.4 Detect and describe discrepancies and inconsistencies in data | Q17 | Part 2
3. Interpret and finalise threat data | 3.1 Discuss and review threat data and results with required personnel | | Part 2
 | 3.2 Discuss and assess identified threats, risks and their likelihood of occurrence and impacts of risks | Q27, Q28, Q29, Q30, Q33 | Part 3
 | 3.3 Suggest and confirm lessons learnt, action steps, recommendations and mitigation strategies with required personnel | Q34 | Part 3
 | 3.4 Document results, findings and recommendations into report according to organisational procedures | | Part 3
 | 3.5 Distribute documentation to required personnel and store according to organisational policies and procedures | | Part 3

 

 

 

Other Information

Assessments

To be deemed competent, students must demonstrate an understanding of all aspects required of this course and must achieve a satisfactory standard in each assessment. Assessment methods have been designed to measure students' competency in each course over multiple tasks.

Resubmissions

For each assessment submitted by the due date in this course students will be given feedback within 2 weeks of the assessment submission. If you do not submit your assessment by the due date or if your first attempt is not satisfactory you will be allowed a single resubmission attempt for each assessment in this course. You will be provided with a new due date by your teacher for your resubmission attempt if a resubmission is required.

Due dates

All assessment tasks will have a due date provided and published in Canvas. Assessments submitted after the due date will not be accepted unless an extension has been provided or special consideration has been granted.

Extensions

If you will not be able to meet the due date for an assessment you may apply to your teacher for an extension of up to seven days by completing the Application of Time to Submit Assessment Work Form at https://www.rmit.edu.au/content/dam/rmit/documents/Students/Student_forms/Application-for-extension-of-time-to-submit-work.pdf. Applications for an extension of time must be received before the due date for an assessment.

Special Consideration

If unforeseen circumstances beyond your control prevent you from submitting your work on time you may be eligible to apply for special consideration. For further information regarding special consideration, please refer to the RMIT Special Consideration page at https://www.rmit.edu.au/students/student-essentials/assessment-and-results/special-consideration

 

Credit Transfer and/or Recognition of Prior Learning (RPL):
You may be eligible for credit towards courses in your program if you have already met the learning/competency outcomes through previous learning and/or industry experience. To be eligible for credit towards a course, you must demonstrate that you have already completed learning and/or gained industry experience that is:

  • Relevant
  • Current
  • Satisfies the learning/competency outcomes of the course

Please refer to http://www.rmit.edu.au/students/enrolment/credit to find more information about credit transfer and RPL.
 

Study and learning Support: 

The Study and Learning Centre (SLC) provides free learning and academic development advice to you.
Services offered by SLC to support your numeracy and literacy skills are:

  • assignment writing, thesis writing and study skills advice
  • maths and science developmental support and advice
  • English language development

Please refer to http://www.rmit.edu.au/studyandlearningcentre to find more information about study and learning support.

Equitable Learning Services (ELS):

If you are suffering from a long-term medical condition or disability, you should contact Equitable Learning Services (ELS) to seek advice and support to complete your studies.
Please refer to https://www.rmit.edu.au/students/support-and-facilities/student-support/equitable-learning-services to find more information about services offered by Equitable Learning Services (ELS).


Plagiarism: 

Plagiarism is a form of cheating and it is a very serious academic offence that may lead to expulsion from the University.

Please refer to www.rmit.edu.au/academicintegrity to find more information about plagiarism.

Other Information: 

All email communications will be sent to your RMIT email address and you must regularly check your RMIT emails.

 
