Cybersecurity Operations
Postgraduate Certificate
Course Details
Course Code | GA_KCYGC_N09 |
---|---|
Level | 9 |
Duration | 1 year |
Credits | 30 |
Method of Delivery | Blended |
Campus Locations | Mayo |
Mode of Delivery | Part Time |
Course Overview
- The modules, content and delivery have been created in collaboration with HPE to ensure that the required skillset is available to all organisations (cyber specific or not), to proactively and reactively mitigate against cyberattack operations.
- Organisations implement security measures to protect against data loss. Risk and compliance controls implemented within an organisation often fail to protect the organisation against a cyberattack incident. In such an event, cybersecurity operations respond to the incident and defend the compromised vulnerability.
- The aim of the Certificate is to educate IT practitioners in systematically responding to cyberattack incidents. It examines the tools to identify threat actors. Models and frameworks are followed to manage the response. Data analytics can use tools such as machine learning to identify anomalies in organisational IT traffic. Cybersecurity Operations involves implementing secure architecture to defend against vulnerable systems. It can be considered the stage when risk and compliance have failed.
Course Details
Year 1
Semester | Module Details | Credits | Mandatory / Elective |
---|---|---|---|
Year | Incident Detection and Response: When cyber security controls are circumvented, an organization must respond to cyber incidents. Security operations personnel need to have the skills to systematically neutralize a threat. These steps include formal incident response preparation and planning, threat identification, containment and eradication measures, and implementation of robust controls to mitigate against future compromises. This module explores the necessary processes and tools used to respond effectively to a detected threat. A structured process of Incident Detection and Response will assist cyber security professionals in proactively searching for cyber security threats. Once detected, this process will ensure that the threat is analysed and neutralised. Information learned from this structured process ensures that cyber security professionals recognise the methods used by current and evolving threats. This module details the preparatory processes that are required in advance, such as incident detection and response policy documentation, teams and communication channels. These processes ensure that detection and reporting structures exist, enabling an organisation to triage a threat and assess its criticality. Containment and threat analysis can be reported back through the process, ensuring that post-incident information will aid further detection and strengthen an organisation's cyber defences. Learning Outcomes: 1. Integrate advanced theoretical knowledge in the development of Incident Detection and Response policies. 2. Independently evaluate and critically analyse data collection tools and platforms. 3. Apply current accepted methodologies and frameworks for incident response and detection. 4. Integrate knowledge of malware forensics to identify and manage cyber threats. 5. Apply accepted methodologies for tackling design issues associated with threat remediation. 6. Critically evaluate Incident Detection and Response policies in industry specific environments. | 10 | Mandatory |
Year | Programming for Cybersecurity: An introduction to automating computer tasks using scripting languages and solving problems using programming languages, with a focus on cyber-security. Learning Outcomes: 1. Design scripts to automate cybersecurity tasks. 2. Design and develop algorithms to solve computational problems. 3. Develop complex scripts using programming techniques. 4. Analyse and visualise metadata that has been extracted from a variety of sources. 5. Design and develop algorithms to identify vulnerabilities. 6. Analyse and evaluate areas in cybersecurity that can be automated and develop the algorithms to accomplish it. | 10 | Mandatory |
Year | Security Operations: An organization endeavours to secure its Information Technology Architecture against threats. Secure Operations Management ensures the elements of this architecture, Network, Operating Systems and Server Technology, are configured and secured correctly and compliant with relevant frameworks. Implementing robust defences is the best method to mitigate against threats. Preparedness for an incident is as important as incident response. Learning Outcomes: 1. Critically evaluate, design and implement the planning, scoping and reconnaissance phases associated with penetration testing. 2. Critically evaluate existing tools and techniques and develop new best practices for Vulnerability Management and Endpoint Protection. 3. Analyse and document measures, concepts and methods that apply to Security Governance, Strategic Planning and Organizational Structure. 4. Design and implement appropriate measures and controls that an organisation can deploy to harden devices, networks and operating systems against threats. 5. Conduct appropriate research and undertake the design and development of appropriate measures and controls that an organisation can deploy to improve threat mitigation capabilities and ensure compliance with relevant frameworks. | 10 | Mandatory |
Contact Information
Department of Business, Humanities & Technology
Head of Department: Michael Gill
E: michael.gill@atu.ie
E: learn.galwaymayo@atu.ie
Computer Science & Applied Physics