Course overview
- Study period: Semester 2, 2025 (28/07/2025 - 22/11/2025)
- Study level: Postgraduate Coursework
- Location: St Lucia
- Attendance mode: In Person
- Units: 2
- Administrative campus: St Lucia
- Coordinating unit: Elec Engineering & Comp Science School
This course will cover the concepts and practical aspects of incident response, including but not limited to:
1. Basic knowledge required for incident response
2. Prevention, preparation, backup and hardening of assets
3. Responding, recovery, coordination and investigations
4. Incident Reporting
This course introduces students to the knowledge relevant to cyber incident response. The course will be delivered through a combination of lectures, guest lectures, tutorials, real-world examples and exercises. Topics that will be covered in the course will include but are not limited to policy frameworks that incident response teams work under, the creation of teams and foundational items in incident response, understanding intelligence on cyber adversaries' tactics, techniques and procedures and its implication for incident response, identifying and prioritizing incidents and how to report them, alongside containment and evidence gathering. In addition, students will also learn incident response planning, playbooks, evaluation environments and digital forensics, and the way to exercise and assess these capabilities.
Course requirements
Prerequisites
You'll need to complete the following courses before enrolling in this one:
Master of Cyber Security Core Courses (CYBR7001, CYBR7002, CYBR7003, CRIM7080)
Course contact
Course staff
Lecturer
Timetable
The timetable for this course is available on the UQ Public Timetable.
Aims and outcomes
The aim of this course is to equip students with the necessary knowledge and skills to effectively respond to cyber incidents. Throughout the course, students will delve into various aspects of cyber incident response, including policy and international considerations, team formation and management, identification, analysis, and reporting of cyber incidents, as well as information gathering and sharing. By the end of the course, students will have developed the ability to strategically plan, analyze, and respond to cyber incidents in a team-oriented environment.
Assessment
Assessment summary
Category | Assessment task | Weight | Due date |
---|---|---|---|
Tutorial/ Problem Set | Exercise | 10% | 4/08/2025 - 13/10/2025. Exercises due 4pm Friday from week 2 to week 11 (10 in total) |
Project | Assignment 1 | 30% | 5/09/2025 3:00 pm |
Project | Assignment 2 | 30% | 7/10/2025 3:00 pm |
Project | Assignment 3 | 30% | 31/10/2025 3:00 pm |
A hurdle is an assessment requirement that must be satisfied in order to receive a specific grade for the course. Check the assessment details for more information about hurdle requirements.
Assessment details
Exercise
- In-person
- Mode: Written
- Category: Tutorial/ Problem Set
- Weight: 10%
- Due date: 4/08/2025 - 13/10/2025. Exercises due 4pm Friday from week 2 to week 11 (10 in total)
- Learning outcomes: L01, L02, L03, L04
Task description
There are 10 exercises to complete, starting in week 2 and ending in week 11. Each exercise is due on Friday at 4pm. The exercises are simple and cover the knowledge learned in the previous lecture. Please refer to additional assessment information below for important details on the use of AI.
Submission guidelines
Via Blackboard
Deferral or extension
You cannot defer or apply for an extension for this assessment.
Because only the best 8 out of 10 submissions will contribute to the mark for this assessment item and results/answers are released soon after the due date, no extensions are permitted.
If you're unable to complete the required 8 Exercises due to exceptional circumstances, please contact the School at studentenquiries@eecs.uq.edu.au
Late submission
You will receive a mark of 0 if this assessment is submitted late.
Because
• the results/answers are released soon after the due date, and
• only the best 8 of 10 will contribute to the mark for this assessment item
a 100% penalty will be applied to late submission.
This has been approved by the Associate Dean (Academic).
Assignment 1
- Hurdle
- Team or group-based
- Mode: Written
- Category: Project
- Weight: 30%
- Due date: 5/09/2025 3:00 pm
- Other conditions: Peer assessment factor.
- Learning outcomes: L01, L02, L03, L05, L06
Task description
Work as a team to create an incident response plan document. Please refer to additional assessment information below for important details on group work and the use of AI.
Hurdle requirements
Refer to course grading information
Submission guidelines
via Blackboard
Deferral or extension
You may be able to apply for an extension.
The maximum extension allowed is 7 days. Extensions are given in multiples of 24 hours.
This course uses a progressive assessment approach, where feedback will be released to students within 14-21 days.
Late submission
A penalty of 10% of the maximum possible mark will be deducted per 24 hours from the time the submission is due, for up to 7 days. After 7 days, you will receive a mark of 0.
Assignment 2
- Hurdle
- Team or group-based
- Mode: Written
- Category: Project
- Weight: 30%
- Due date: 7/10/2025 3:00 pm
- Other conditions: Time limited, Peer assessment factor.
- Learning outcomes: L01, L02, L03, L04, L05, L06
Task description
Work as a team to study the application of principles of forensics, digital assets and information sharing to create a playbook document. Please refer to additional assessment information below for important details on group work and the use of AI.
Hurdle requirements
Refer to course grading information
Submission guidelines
via Blackboard
Deferral or extension
You may be able to apply for an extension.
The maximum extension allowed is 7 days. Extensions are given in multiples of 24 hours.
This course uses a progressive assessment approach, where feedback will be released to students within 14-21 days.
Late submission
A penalty of 10% of the maximum possible mark will be deducted per 24 hours from the time the submission is due, for up to 7 days. After 7 days, you will receive a mark of 0.
Assignment 3
- Hurdle
- Team or group-based
- Mode: Written
- Category: Project
- Weight: 30%
- Due date: 31/10/2025 3:00 pm
- Other conditions: Time limited, Peer assessment factor.
- Learning outcomes: L01, L02, L03, L04, L05, L06
Task description
Apply the principles of forensics, digital assets, and information sharing in practice and create related documents. Please refer to additional assessment information below for important details on group work and the use of AI.
Hurdle requirements
Refer to course grading information
Submission guidelines
via Blackboard
Deferral or extension
You may be able to apply for an extension.
The maximum extension allowed is 7 days. Extensions are given in multiples of 24 hours.
This course uses a progressive assessment approach, where feedback will be released to students within 14-21 days.
Late submission
A penalty of 10% of the maximum possible mark will be deducted per 24 hours from the time the submission is due, for up to 7 days. After 7 days, you will receive a mark of 0.
Course grading
Full criteria for each grade are available in the Assessment Procedure.
Grade | Cut off Percent | Description |
---|---|---|
1 (Low Fail) | 0 - 19 | Absence of evidence of achievement of course learning outcomes. |
2 (Fail) | 20 - 46 | Minimal evidence of achievement of course learning outcomes. |
3 (Marginal Fail) | 47 - 49 | Demonstrated evidence of developing achievement of course learning outcomes. |
4 (Pass) | 50 - 64 | Demonstrated evidence of functional achievement of course learning outcomes. |
5 (Credit) | 65 - 74 | Demonstrated evidence of proficient achievement of course learning outcomes. |
6 (Distinction) | 75 - 84 | Demonstrated evidence of advanced achievement of course learning outcomes. |
7 (High Distinction) | 85 - 100 | Demonstrated evidence of exceptional achievement of course learning outcomes. |
Additional course grading information
Your final mark will be calculated by adding your marks for the exercises (out of 10) and the assignments (out of 90). If you fail to obtain at least 50% of the marks for the assignments (i.e., 45 out of 90), your overall mark will be capped at 49%, corresponding to an overall grade of 3 or lower.
The final mark will be rounded to the nearest whole number before grade cut-offs apply. At the discretion of the course coordinator, marks for assessment items may be adjusted upwards (uniformly across the class), but not downwards.
Supplementary assessment
Supplementary assessment is available for this course.
Additional assessment information
Group Assignment Meetings
Group assignments will require regular meetings with the course coordinator at mutually agreed times. Student identities must be verified using a UQ student identification card or other suitable government-issued ID. This is an opportunity for the students to get guidance and support for their projects on team dynamics. All students are required to be able to demonstrate their individual engagement and participation with the group task. Demonstrated appropriate engagement is a requirement to pass each assessment task. Since all three assignments are group work, each group will meet with the course coordinator at least once for one of the assignments.
The assignments will include a peer review component where each group member will evaluate the contributions of their teammates, assessing the quality, thoroughness, and timeliness of their work. The course coordinator reserves the right to vary group marks for each group member in the event of varied contributions to the team effort.
Artificial Intelligence (AI) and Machine Translation (MT) are emerging tools that may support students in completing this assessment task. Students may appropriately use AI and/or MT in completing this assessment task. Students must clearly reference any use of AI or MT in each instance. A failure to reference generative AI or MT use may constitute student misconduct under the Student Code of Conduct.
Having Troubles?
If you are having difficulties with any aspect of the course material you should seek help. Speak to the course teaching staff.
If external circumstances are affecting your ability to work on the course, you should seek help as soon as possible. The University and UQ Union have organisations and staff who are able to help, for example, UQ Student Services are able to help with study and exam skills, tertiary learning skills, writing skills, financial assistance, personal issues, and disability services (among other things).
Complaints and criticisms should be directed in the first instance to the course coordinator. If you are not satisfied with the outcome, you may bring the matter to the attention of the School of EECS Director of Teaching and Learning.
Learning resources
You'll need the following resources to successfully complete the course. We've indicated below if you need a personal copy of the reading materials or your own item.
Library resources
Library resources are available on the UQ Library website.
Additional learning resources information
1. Guide to working in teams: https://www.edx.org/course/working-in-teams-a-practical-guide
2. Computer Security Incident Handling Guide: https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final
3. Cybersecurity Capability Maturity Model (C2M2): https://www.energy.gov/ceser/cybersecurity-capability-maturity-model-c2m2
4. ISO/IEC 27000 family Information security management: https://www.iso.org/standard/iso-iec-27000-family
Learning activities
The learning activities for this course are outlined below. Learn more about the learning outcomes that apply to this course.
Learning period | Activity type | Topic |
---|---|---|
Multiple weeks | Lecture | Lectures (Lecture): Lectures will be mainly used to introduce new material. There will also be time during lectures specifically for getting help with assignments. Learning outcomes: L01, L02, L03, L04, L05, L06 |
Multiple weeks | Applied Class | Applied Class: Applied classes will be mainly used to work on exercises on the lecture material. This will be a more interactive process than lecture presentations. The intent is to provide a learning environment that provides better support for the content covered in this course. There will also be time during applied classes specifically for getting help with assignments. Each week, applied classes will focus on one practical tool or concept related to Incident Response (IR). While the lectures will cover the necessary theoretical knowledge expected at a Masters level course, the course will also provide you with exposure to various tools by its completion. Learning outcomes: L01, L02, L03, L04 |
Policies and procedures
University policies and procedures apply to all aspects of student life. As a UQ student, you must comply with University-wide and program-specific requirements, including the:
- Student Code of Conduct Policy
- Student Integrity and Misconduct Policy and Procedure
- Assessment Procedure
- Examinations Procedure
- Reasonable Adjustments for Students Policy and Procedure
Learn more about UQ policies on my.UQ and the Policy and Procedure Library.
School guidelines
Your school has additional guidelines you'll need to follow for this course: