Course Title: Evaluate and test an incident response plan for an enterprise

Part B: Course Detail

Teaching Period: Term2 2025

Course Code: INTE5067


School: 520T Future Technologies

Campus: City Campus

Program: C4424 - Certificate IV in Cyber Security

Course Contact: Michael Barton

Course Contact Phone: +61 3 9925 1409

Course Contact Email: michael.barton2@rmit.edu.au


Name and Contact Details of All Other Relevant Staff

Nominal Hours: 40

Regardless of the mode of delivery, nominal hours represent a guide to the relative teaching time and student effort required to successfully achieve a particular competency/module. This may include not only scheduled classes or workplace visits but also the amount of effort required to undertake, evaluate and complete all assessment requirements, including any non-classroom activities.

Pre-requisites and Co-requisites

None

Course Description

In this course you will gain the knowledge and skills required to examine an organisation’s existing incident response plan (IRP) and expand it as necessary to deal with incidents more thoroughly.


National Codes, Titles, Elements and Performance Criteria

National Element Code & Title:

VU23221 Evaluate and test an incident response plan for an enterprise

Element:

1 Form an incident response team

Performance Criteria:

1.1 Members to form incident response team (IRT) are recruited
1.2 IRT members roles and responsibilities are defined
1.3 Communication strategies and reporting hierarchy for the IRT within the organisation are determined
1.4 Business implications to the organisation of cyber incidents are articulated to the IRT

Element:

2 Define red, blue and purple team tasks

Performance Criteria:

2.1 Fundamental red teaming activities for incident responses are created
2.2 Fundamental blue teaming activities for incident responses are created
2.3 Fundamental purple teaming activities are defined

Element:

3 Plan the implementation of the organisation's incident response plan (IRP)

Performance Criteria:

3.1 Organisation's incident management plan is evaluated
3.2 Services the IRT will provide are defined
3.3 Response plans to a range of incidents are developed
3.4 Reporting procedures for incident handling are developed
3.5 Processes for collecting and protecting evidence during incident responses are developed
3.6 Incident response exercises and red-teaming activities are created
3.7 Incident response staffing and training requirements are specified

Element:

4 Implement the IRP for prescribed incidents

Performance Criteria:

4.1 Red-teaming activities are executed for the range of incident responses
4.2 Response to the incidents is reported
4.3 Incident response evidence is collected, processed and preserved in accordance with the organisation's guidelines
4.4 Strategy of blue-teaming activities to mitigate the incident responses are discussed and evaluated
4.5 Incident management measures are collected, analysed and reported

Element:

5 Evaluate the IRP

Performance Criteria:

5.1 Improvements learnt from the IRP activities are implemented
5.2 Effectiveness of red teaming and incident response tests, training and exercises are examined and modified as required
5.3 Communication between incident response team and organisation's management are assessed for effectiveness and changes implemented if required


Learning Outcomes


On successful completion of this course you will have developed and applied the skills and knowledge required to demonstrate competency in the above elements.


Details of Learning Activities

VU23220 - Develop a cyber security industry project.

VU23221 - Evaluate and test an incident response plan for an enterprise

By the end of this course, you will be able to:

  • develop a network security infrastructure (project)
  • prepare an implementation plan that leads to a solution
  • organize a work team
  • function and solve problems in a work team environment
  • gather resources for project implementation
  • test resources for functionality and operation as required
  • implement project according to the provided design
  • test the system for functionality
  • conduct team activities and evaluate team performance
  • prepare project documentation and make a presentation to the client


Teaching Schedule

| Week | Date | Topic | Assessment / Learning activities |
|---|---|---|---|
| Week 1 | 14-18 July 2025 | Introduction to Installing virtual Machines | Learn why networks and data are attacked. Learn how to prepare for a career in cybersecurity operations |
| Week 2 | 21-25 July 2025 | Introduction to Security Testing | Introduction to Security Testing |
| Week 3 | 28 July - 1 August 2025 | Introduction to Network Scanning; Research Assignment | Introduction to Network Scanning; Research assignment due week 10 |
| Week 4 | 4-8 August 2025 | Introduction to Network Reconnaissance | Introduction to Network Reconnaissance |
| Week 5 | 11-15 August 2025 | Introduction to Virtualisation | Introduction to Virtualisation |
| Week 6 | 18-22 August 2025 | Introduction to Wireless Security | Introduction to Wireless Security |
| Week 7 | 25-29 August 2025 | Introduction to IPS, IDS and Firewalls | Introduction to IPS, IDS and Firewalls |
| | 1-5 September 2025 | Mid-semester break | Mid-semester break |
| Week 8 | 8-12 September 2025 | Introduction to Understanding Defence | Introduction to Understanding Defence; Start groups and Final Assignment |
| Week 9 | 15-19 September 2025 | Introduction Team Development and Final lab Setup | Introduction Team Development and Final lab Setup |
| Week 10 | 22-26 September 2025 | Introduction to Tender Response Fundamentals and Final lab Setup | Introduction to Tender Response Fundamentals and Final lab Setup |
| Week 11 | 29 September - 3 October 2025 | Introduction to Assessment Day 1 and SOC Models | Introduction to Assessment Day 1 and SOC Models; Final assignment |
| Week 12 | 6-10 October 2025 | Introduction to Assessment Day 2 and Network Design | Introduction to Assessment Day 2 and Network Design; Final assignment |
| Week 13 | 11-19 October | Introduction to Assessment Day 3 and Incident Response | Introduction to Assessment Day 3 and Incident Response; Final assignment |
| Week 14 | 20-24 October 2025 | Introduction to Assessment Day 4 and Red Blue Teams | Introduction to Assessment Day 4 and Red Blue Teams; Final assignment |
| Week 15 | 27-31 October 2025 | Introduction to Assessment Day 5 Threat Intelligence | Introduction to Assessment Day 5 Threat Intelligence; Final assignment |
| Week 16 | 3-7 November 2025 | Assessment Catchup | |
| Week 17 | 10-14 November 2025 | Assessment Catchup | |


Learning Resources

Prescribed Texts


References


Other Resources

A computer with at least 16 GB of RAM and an i5 processor or equivalent.


Overview of Assessment

Assessment for this course is ongoing throughout the semester. Your knowledge and understanding of course content is assessed through participation in class exercises, oral/written presentations and through the application of learned skills and insights. Full assessment briefs will be provided and can be found on CANVAS.


Assessment Tasks


1 knowledge assessment

2 practical team assessments


Assessment Matrix

Element

Performance criteria

Assessment Task 1: AT 1

Assessment Task 2: Industry Project Documentation

Assessment Task 3: Industry Project Practical Observations

1. Form an incident response team

  1.1 Members to form incident response team (IRT) are recruited

1a

  1.2 IRT members roles and responsibilities are defined

Q7, Q9

1a

3

  1.3 Communication strategies and reporting hierarchy for the IRT within the organisation are determined

Q10

1a, b

3

  1.4 Business implications to the organisation of cyber incidents are articulated to the IRT

Q11

1b, c

3

2. Define red, blue and purple team tasks

  2.1 Fundamental red teaming activities for incident responses are created

2a

3,4

  2.2 Fundamental blue teaming activities for incident responses are created

2a

6

  2.3 Fundamental purple teaming activities are defined

2a, b

6

3. Plan the implementation of the organisation’s incident response plan (IRP)

  3.1 Organisation’s incident management plan is evaluated

1a, b, c

  3.2 Services the IRT will provide are defined

Q7

1a, b, c

2c

3

  3.3 Response plans to a range of incidents are developed

Q1, Q2, Q7, Q10, Q11

3a, b, c

3

  3.4 Reporting procedures for incident handling are developed

3a, b, c

3

  3.5 Processes for collecting and protecting evidence during incident responses are developed

Q12

3a, b, c

3,4

  3.6 Incident response exercises and red-teaming activities are created

1, 2

4

  3.7 Incident response staffing and training requirements are specified

7

7,8

4. Implement the IRP for prescribed incidents

  4.1 Red-teaming activities are executed for the range of incident responses

2a

6

  4.2 Response to the incidents is reported

2a

6

  4.3 Incident response evidence is collected, processed and preserved in accordance with the organisation’s guidelines

Q12

2b

6

  4.4 Strategy of blue-teaming activities to mitigate the incident responses are discussed and evaluated

3 a, b, c

6

  4.5 Incident management measures are collected, analysed and reported

Q13

3 a, b, c

6

5. Evaluate the IRP

  5.1 Improvements learnt from the IRP activities are implemented

Q13

7a-d

  5.2 Effectiveness of red teaming and incident response tests, training and exercises are examined and modified as required

Q13

7a-d

7,8

  5.3 Communication between incident response team and organisation’s management are assessed for effectiveness and changes implemented if required

7a-d

7,8

Other Information

Knowledge of virtual machines
