Course Title: Develop, implement and evaluate an incident response plan

Part B: Course Detail

Teaching Period: Term 1 2025

Course Code: COSC7419C

Important Information:

Please note that this course may include compulsory in-person attendance requirements for some or all teaching activities.

It is recommended that you check your Canvas course shell closer to the course start date for details about any mandatory in-person attendance requirements.

Please be aware that the course delivery method may need to change quickly in response to evolving course requirements. Students must maintain regular communication with their teachers to stay informed about any updates.

School: 520T Future Technologies

Campus: City Campus

Program: C5402 - Diploma of Information Technology

Course Contact: Haroon Bhutta

Course Contact Phone: +61 3 9925 4612

Course Contact Email: haroon.bhutta@rmit.edu.au


Name and Contact Details of All Other Relevant Staff

Nominal Hours: 30

Regardless of the mode of delivery, nominal hours represent a guide to the relative teaching time and student effort required to successfully achieve a particular competency/module. This may include not only scheduled classes or workplace visits but also the amount of effort required to undertake, evaluate and complete all assessment requirements, including any non-classroom activities.

Pre-requisites and Co-requisites

None

Course Description

In this course you will gain the skills and knowledge required to develop and implement an incident response plan. The results of the incident response plan must be evaluated if they affect the mission of the organisation.


National Codes, Titles, Elements and Performance Criteria

National Element Code & Title:

ICTSAS524 Develop, implement and evaluate an incident response plan

Element:

1. Prepare to develop an incident response plan

Performance Criteria:

1.1 Identify and document organisational incident response plan requirements

1.2 Identify and document incident response team services according to organisational requirements

1.3 Identify incident response plan structure according to organisational requirements

1.4 Determine and document alignment of organisation’s existing incident response plan against identified requirements

1.5 Submit documentation to required personnel, seek and respond to feedback

Element:

2. Develop the incident response plan

Performance Criteria:

2.1 Develop and document incident management policy according to task requirements

2.2 Create incident response plans according to organisational requirements and security policies and procedures

2.3 Develop incident handling and reporting procedures

2.4 Create incident response exercises, red-teaming activities, staffing and training requirements

2.5 Develop procedure for collecting and protecting forensic evidence during incident response procedures according to organisational requirements

2.6 Establish and document the incident response plan

Element:

3. Implement the incident response plan

Performance Criteria:

3.1 Apply response actions to reported security incident according to incident response plan and task requirements

3.2 Assist in collecting, processing and preserving evidence according to requirements

3.3 Execute incident response plans, red-teaming activities and incident response exercises

3.4 Document security incident response and actions according to task requirements

3.5 Collect, analyse and report incident management measures according to task requirements

Element:

4. Evaluate incident response plans

Performance Criteria:

4.1 Assess and document efficiency and effectiveness of incident response plans activities

4.2 Examine and document effectiveness of red teaming and incident response tests, training and exercises

4.3 Assess effectiveness of communication between incident response team and required internal and external organisations

4.4 Determine and document response improvement activities

4.5 Submit documentation to required personnel and obtain final task sign off


Learning Outcomes


On successful completion of this course the candidate will demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit.


Details of Learning Activities

This may include self-paced and collaborative classroom activities such as:  

  • Class lectures and discussions
  • Class exercises.
  • Practical demonstration in a classroom.
  • Using different resources to find, research, analyse and discuss different cybersecurity attacks.
  • Group project (working as a Red Team and as a Blue Team).
  • Group working discussions.
  • Extensive research work.
  • Analytical thinking about different cybersecurity attacks.


Teaching Schedule

 The proposed teaching schedule for ICTSAS524 is detailed below: 

 

| Week | Date | Topic | Assessment / Learning Activities |
|---|---|---|---|
| Week #1 | 10 February – 16 February | 1. Identify and document organisational incident response plan requirements | AT 1 |
| Week #2 | 17 February – 23 February | 1. Identify and document incident response team services according to organisational requirements | AT 1 |
| Week #3 | 24 February – 2 March | 1. Identify incident response plan structure according to organisational requirements | AT 1; AT 2 - Part 1; Released AT1 |
| Week #4 | 03 March – 09 March | 1. Determine and document alignment of organisation’s existing incident response plan against identified requirements; 2. Submit documentation to required personnel, seek, and respond to feedback | AT 1; AT 2 - Part 1 |
| Week #5 | 10 March – 16 March | 1. Develop and document incident management policy according to task requirements | AT 1; AT 2 - Part 1 |
| Week #6 | 17 March – 23 March | 1. Create incident response plans according to organisational requirements and security policies and procedures | AT 1; AT 2 - Part 2 |
| Week #7 | 24 March – 30 March | 1. Develop incident handling and reporting procedures; 2. Create incident response exercises, red-teaming activities, staffing and training requirements | AT 1; AT 2 - Part 2; Released AT2 |
| Week #8 | 31 March – 06 April | 1. Develop procedure for collecting and protecting forensic evidence during incident response procedures according to organisational requirements; 2. Establish and document the incident response plan | AT 1; AT 2 - Part 2 |
| Week #9 | 07 April – 13 April | 1. Apply response actions to reported security incident according to incident response plan and task requirements | AT 1; AT 2 - Part 3; Submit AT1 (Due this Week) |
| Week #10 | 14 April – 20 April | 1. Assist in collecting, processing, and preserving evidence according to requirements | AT 2 - Part 3 |
| Mid-Semester Break (21 April – 25 April) | | | |
| Week #11 | 28 April – 04 May | 1. Execute incident response plans, red-teaming activities, and incident response exercises | AT 2 - Part 3 |
| Week #12 | 05 May – 11 May | 1. Document security incident response and actions according to task requirements; 2. Collect, analyse, and report incident management measures according to task requirements | AT 2 - Part 4 |
| Week #13 | 12 May – 18 May | 1. Assess and document efficiency and effectiveness of incident response plans activities; 2. Examine and document effectiveness of red teaming and incident response tests, training, and exercises | AT 2 - Part 4 |
| Week #14 | 19 May – 25 May | 1. Assess effectiveness of communication between incident response team and required internal and external organisations; 2. Determine and document response improvement activities; 3. Submit documentation to required personnel and obtain final task sign off | AT 2 - Part 4; AT 2 - Part 5 |
| Week #15 | 26 May – 1 June | Course & assessment feedback | Submit AT2 (Due this Week) |
| Week #16 | 02 June – 08 June | Course & assessment feedback | |
| Week #17 | 09 June – 15 June | Re-submission if required | |
| Week #18 | 16 June – 22 June | Re-submission if required | |

 

* Please note that this timeline is subject to change based on semester requirements. We recommend checking your Canvas course shell regularly to stay updated with the latest schedule.

 

** Student directed hours involve completing activities such as reading online resources, assignments, individual/group student/teacher course-related consultation. Students are required to self-study the learning materials and complete the assigned out of class activities for the scheduled non-teaching hours. 


Learning Resources

Prescribed Texts


References


Other Resources

Please check Canvas for any required resources.


Overview of Assessment

Assessment for this course is ongoing throughout the semester. Your knowledge and understanding of course content is assessed through participation in class exercises and various types of assessments.

Full assessment briefs will be provided and can be found on CANVAS.


Assessment Tasks

The assessment covers both the theoretical and practical aspects of the course according to the performance criteria set in the National Training Package. Assessment may incorporate a variety of methods including written/oral activities and demonstration of practical skills to the relevant industry standards. Participants are advised that they are likely to be asked to demonstrate their assessment activities, individually or as a group, to their teacher/assessor. Feedback will be provided throughout the course. To successfully complete this course, you will be required to demonstrate competency in each assessment task detailed under Assessment Tasks.

 

1. Assessment Task 1 - Knowledge Task Questions.

2. Assessment Task 2 (Project) - Practical Assessment Task.


Assessment Matrix

| Element | Performance criteria | Assessment Task 1: AT 1 | Assessment Task 2: AT 2 |
|---|---|---|---|
| 1. Prepare to develop an incident response plan | 1.1 Identify and document organisational incident response plan requirements | Q14, Q16, Q17 | Part 1 |
| | 1.2 Identify and document incident response team services according to organisational requirements | Q17, Q18 | Part 1 |
| | 1.3 Identify incident response plan structure according to organisational requirements | Q14, Q16 | Part 1 |
| | 1.4 Determine and document alignment of organisation’s existing incident response plan against identified requirements | Q14, Q15, Q16 | Part 1 |
| | 1.5 Submit documentation to required personnel, seek and respond to feedback | | Part 1 |
| 2. Develop the incident response plan | 2.1 Develop and document incident management policy according to task requirements | | Part 2, Part 4 |
| | 2.2 Create incident response plans according to organisational requirements and security policies and procedures | Q16, Q17 | Part 2, Part 4 |
| | 2.3 Develop incident handling and reporting procedures | | Part 2, Part 4 |
| | 2.4 Create incident response exercises, red-teaming activities, staffing and training requirements | | Part 2, Part 3, Part 4 |
| | 2.5 Develop procedure for collecting and protecting forensic evidence during incident response procedures according to organisational requirements | | Part 2, Part 4 |
| | 2.6 Establish and document the incident response plan | | Part 2, Part 4 |
| 3. Implement the incident response plan | 3.1 Apply response actions to reported security incident according to incident response plan and task requirements | | Part 4 |
| | 3.2 Assist in collecting, processing and preserving evidence according to requirements | | Part 4 |
| | 3.3 Execute incident response plans, red-teaming activities and incident response exercises | | Part 4 |
| | 3.4 Document security incident response and actions according to task requirements | | Part 4 |
| | 3.5 Collect, analyse and report incident management measures according to task requirements | | Part 4 |
| 4. Evaluate incident response plans | 4.1 Assess and document efficiency and effectiveness of incident response plans activities | | Part 5 |
| | 4.2 Examine and document effectiveness of red teaming and incident response tests, training and exercises | | Part 5 |
| | 4.3 Assess effectiveness of communication between incident response team and required internal and external organisations | | Part 5 |
| | 4.4 Determine and document response improvement activities | | Part 5 |
| | 4.5 Submit documentation to required personnel and obtain final task sign off | | Part 5 |

Other Information

Credit Transfer and/or Recognition of Prior Learning (RPL): 

 You may be eligible for credit towards courses in your program if you have already met the learning/competency outcomes through previous learning and/or industry experience. To be eligible for credit towards a course, you must demonstrate that you have already completed learning and/or gained industry experience, that is:   

• Relevant 
• Current 
• Satisfies the learning/competency outcomes of the course   

To find more information about credit transfer and RPL, please refer to the following link: https://www.rmit.edu.au/students/my-course/enrolment/apply-for-credit 

  Study and Learning Support:   

RMIT University Library provides free study support services and resources to help you build your academic skills. 
 
Study and Learning Centre (SLC) provides free learning and academic development advice to you. Services offered by SLC to support your numeracy and literacy skills are:   

• Assignment writing, thesis writing and study skills advice 
• Math and science developmental support and advice 
• English language development 

To find more information about Study and Learning Support, please refer to the following link: https://www.rmit.edu.au/students/support-services/study-support   

 

Equitable Learning Services (ELS):   

The Equitable Learning Services team (ELS team) supports and creates equal opportunities for students with a disability, long-term illness and/or mental health condition. We also support primary carers.    

ELS works in partnership with students to create an Equitable Learning Plan. Your plan is tailored to you, supports your needs and establishes how RMIT can provide ongoing assistance so you can access and participate in your studies. The ELS team can assist you to manage your Equitable Learning Plan.   

To find more information about services offered by Equitable Learning Services (ELS), please refer to the following link: https://www.rmit.edu.au/students/support-services/equitable-learning 

  

Extensions and Special Consideration:    

Extensions:   

• Extensions are available for unforeseen circumstances of a short-term nature.   

• Applications must be submitted to the school at least one working day before the due date of the assessment.   

• Extensions can be approved for up to 7 days past the due date for an assessment. (Where students need an extension exceeding 7 days, they must instead apply for special consideration.)   

 

Special Consideration:   

• An application for special consideration is made in advance of an assessment wherever possible, but will normally be accepted within five working days after the assessment date. For more information, see the Special Consideration page of the RMIT website. 

Plagiarism: 

Plagiarism is a form of cheating and it is a very serious academic offence that may lead to expulsion from the University.

Please refer to www.rmit.edu.au/academicintegrity for more information about plagiarism.

Communication Information:

All email communications will be sent to your RMIT email address and you must regularly check your RMIT emails.
