Course profile

Cyber Incident Response (COMP7711)

Study period: Sem 2 2024
Location: St Lucia
Attendance mode: In Person

Course overview

Study period: Semester 2, 2024 (22/07/2024 - 18/11/2024)
Study level: Postgraduate Coursework
Location: St Lucia
Attendance mode: In Person
Units: 2
Administrative campus: St Lucia
Coordinating unit: Elec Engineering & Comp Science School

This course will cover the concepts and practical aspects of incident response, including but not limited to:

1. Basic knowledge required for incident response
2. Prevention, preparation, backup and hardening of assets
3. Responding, recovery, coordination and investigations
4. Incident Reporting

This course introduces students to the knowledge relevant to cyber incident response. The course will be delivered through a combination of lectures, guest lectures, tutorials, real-world examples and exercises. Topics that will be covered in the course will include but are not limited to policy frameworks that incident response teams work under, the creation of teams and foundational items in incident response, understanding intelligence on cyber adversaries' tactics, techniques and procedures and its implication for incident response, identifying and prioritizing incidents and how to report them, alongside containment and evidence gathering. In addition, students will also learn incident response planning, playbooks, evaluation environments and digital forensics, and the way to exercise and assess these capabilities.

Course requirements

Prerequisites

You'll need to complete the following courses before enrolling in this one:

Master of Cyber Security Core Courses (CYBR7001, CYBR7002, CYBR7003, CRIM7080)

Course contact

Course staff

Lecturer

Dr Siamak Layeghy

Timetable

The timetable for this course is available on the UQ Public Timetable.

Aims and outcomes

The aim of this course is to equip students with the necessary knowledge and skills to effectively respond to cyber incidents. Throughout the course, students will delve into various aspects of cyber incident response, including policy and international considerations, team formation and management, identification, analysis, and reporting of cyber incidents, as well as information gathering and sharing. By the end of the course, students will have developed the ability to strategically plan, analyze, and respond to cyber incidents in a team-oriented environment.

Learning outcomes

After successfully completing this course you should be able to:

LO1. Understand the importance of policy and international settings in the context of cyber incident response.

LO2. Develop plans for creating, revising, or modifying incident response teams tailored to specific organizational contexts.

LO3. Formulate effective incident response plans and propose playbooks for different types of incidents.

LO4. Analyze and categorize incidents, establish secure processes for containment and analysis, and manage digital forensics and evidence collection.

LO5. Collect and analyze cyber incident information and produce incident reports suitable for stakeholders.

LO6. Extract and organize information for reporting and sharing with other stakeholders, while actively collaborating within small teams to achieve organizational objectives.

Assessment

Assessment summary

| Category | Assessment task | Weight | Due date |
|---|---|---|---|
| Tutorial/Problem Set | Exercise (Hurdle; In-person) | 10% | Week 2 - Week 11. Exercises due before each tutorial (10 in total) |
| Project | Assignment 1 (Hurdle; Team or group-based) | 30% | 30/08/2024 3:00 pm |
| Project | Assignment 2 (Hurdle; Team or group-based) | 30% | 30/09/2024 3:00 pm |
| Project | Assignment 3 (Hurdle; Team or group-based) | 30% | 25/10/2024 3:00 pm |

A hurdle is an assessment requirement that must be satisfied in order to receive a specific grade for the course. Check the assessment details for more information about hurdle requirements.

Assessment details

Exercise

  • Hurdle
  • In-person
Mode: Written
Category: Tutorial/Problem Set
Weight: 10%
Due date: Week 2 - Week 11. Exercises due before each tutorial (10 in total)
Learning outcomes: LO1, LO2, LO3, LO4

Task description

There are 10 tutorials, starting in week 2 and ending in week 11, and the due date for each exercise is before each tutorial. Simple exercises cover the knowledge learned in the previous lecture.

Hurdle requirements

If you fail to obtain at least 50% of the mark for the tutorial exercises, your overall mark will be capped at 49%, corresponding to an overall grade of 3 or lower.

Submission guidelines

Blackboard

Deferral or extension

You cannot defer or apply for an extension for this assessment.

No extensions are available, and a 100% late penalty applies to the exercises. To accommodate unforeseen circumstances such as illness, your score will be based on the best 8 out of 10 submissions.

Assignment 1

  • Hurdle
  • Team or group-based
Mode: Written
Category: Project
Weight: 30%
Due date: 30/08/2024 3:00 pm
Other conditions: Peer assessment factor.
Learning outcomes: LO1, LO2, LO3, LO5, LO6

Task description

Work as a team to create an incident response plan document.

Hurdle requirements

Refer to course grading information

Submission guidelines

Deferral or extension

You may be able to apply for an extension.

The maximum extension allowed is 7 days. Extensions are given in multiples of 24 hours.

This course uses a progressive assessment approach, where feedback will be released to students within 14-21 days.

Late submission

A penalty of 10% of the maximum possible mark will be deducted per 24 hours from the time the submission is due, for up to 7 days. After 7 days, you will receive a mark of 0.

Assignment 2

  • Hurdle
  • Team or group-based
Mode: Written
Category: Project
Weight: 30%
Due date: 30/09/2024 3:00 pm
Other conditions: Time limited, Peer assessment factor.
Learning outcomes: LO1, LO2, LO3, LO4, LO5, LO6

Task description

Work as a team to study the application of principles of forensics, digital assets and information sharing to create a playbook document.

Hurdle requirements

Refer to course grading information

Submission guidelines

Deferral or extension

You may be able to apply for an extension.

The maximum extension allowed is 7 days. Extensions are given in multiples of 24 hours.

This course uses a progressive assessment approach, where feedback will be released to students within 14-21 days.

Late submission

A penalty of 10% of the maximum possible mark will be deducted per 24 hours from the time the submission is due, for up to 7 days. After 7 days, you will receive a mark of 0.

Assignment 3

  • Hurdle
  • Team or group-based
Mode: Written
Category: Project
Weight: 30%
Due date: 25/10/2024 3:00 pm
Other conditions: Time limited, Peer assessment factor.
Learning outcomes: LO1, LO2, LO3, LO4, LO5, LO6

Task description

Apply the principles of forensics, digital assets, and information sharing in practice and create related documents.

Hurdle requirements

Refer to course grading information

Submission guidelines

Deferral or extension

You may be able to apply for an extension.

The maximum extension allowed is 7 days. Extensions are given in multiples of 24 hours.

This course uses a progressive assessment approach, where feedback will be released to students within 14-21 days.

Late submission

A penalty of 10% of the maximum possible mark will be deducted per 24 hours from the time the submission is due, for up to 7 days. After 7 days, you will receive a mark of 0.

Course grading

Full criteria for each grade are available in the Assessment Procedure.

| Grade | Cut off Percent | Description |
|---|---|---|
| 1 (Low Fail) | 0 - 19 | Absence of evidence of achievement of course learning outcomes. |
| 2 (Fail) | 20 - 44 | Minimal evidence of achievement of course learning outcomes. |
| 3 (Marginal Fail) | 45 - 49 | Demonstrated evidence of developing achievement of course learning outcomes. |
| 4 (Pass) | 50 - 64 | Demonstrated evidence of functional achievement of course learning outcomes. |
| 5 (Credit) | 65 - 74 | Demonstrated evidence of proficient achievement of course learning outcomes. |
| 6 (Distinction) | 75 - 84 | Demonstrated evidence of advanced achievement of course learning outcomes. |
| 7 (High Distinction) | 85 - 100 | Demonstrated evidence of exceptional achievement of course learning outcomes. |

Additional course grading information

Your final mark will be calculated by adding up your marks of tutorial exercises (out of 10) and assignments (out of 90). If you fail to obtain at least 50% of the mark for the tutorial exercises (i.e. 5 out of 10) or you fail to obtain at least 50% of the mark for the assignments (i.e., 45 out of 90), your overall mark will be capped at 49%, corresponding to an overall grade of 3 or lower.

The final mark will be rounded to the nearest whole number before grade cut-offs apply. At the discretion of the course coordinator, marks for assessment items may be adjusted upwards (uniformly across the class), but not downwards.

Supplementary assessment

Supplementary assessment is available for this course.

Additional assessment information

Group Assignment Meetings

Group assignments will require regular meetings with the course coordinator at mutually agreed times. Student identities must be verified using a UQ student identification card or other suitable government-issued ID. This is an opportunity for the students to get guidance and support for their projects on team dynamics. All students are required to be able to demonstrate their individual engagement and participation with the group task. Demonstrated appropriate engagement is a requirement to pass each assessment task. Since all three assignments are group work, each group will meet with the course coordinator at least once for one of the assignments.

The assignments will include a peer review component where each group member will evaluate the contributions of their teammates, assessing the quality, thoroughness, and timeliness of their work. The course coordinator reserves the right to vary group marks for each group member in the event of varied contributions to the team effort.

Artificial Intelligence (AI) and Machine Translation (MT) are emerging tools that may support students in completing this assessment task. Students may appropriately use AI and/or MT in completing this assessment task. Students must clearly reference any use of AI or MT in each instance. A failure to reference generative AI or MT use may constitute student misconduct under the Student Code of Conduct.

Learning resources

You'll need the following resources to successfully complete the course. We've indicated below if you need a personal copy of the reading materials or your own item.

Library resources

Library resources are available on the UQ Library website.

Additional learning resources information

1. Guide to working in teams: https://www.edx.org/course/working-in-teams-a-practical-guide

2. Computer Security Incident Handling Guide: https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final

3. Cybersecurity Capability Maturity Model (C2M2): https://www.energy.gov/ceser/cybersecurity-capability-maturity-model-c2m2

4. ISO/IEC 27000 family Information security management: https://www.iso.org/standard/iso-iec-27000-family

Learning activities

The learning activities for this course are outlined below. Learn more about the learning outcomes that apply to this course.

Learning period: Multiple weeks

Activity type: Lecture
Topic: Lectures

Lectures will be mainly used to introduce new material. There will also be time during lectures specifically for getting help with assignments.

Learning outcomes: LO1, LO2, LO3, LO4, LO5, LO6

Activity type: Tutorial
Topic: Tutorial

Tutorials will be mainly used to work on exercises on the lecture material. This will be a more interactive process than lecture presentations. The intent is to provide a learning environment that provides better support for the content covered in this course. There will also be time during tutorials specifically for getting help with assignments.

Each week, tutorials will focus on one practical tool or concept related to Incident Response (IR). While the lectures will cover the necessary theoretical knowledge expected at a Masters level course, the course will also provide you with exposure to various tools by its completion.

Learning outcomes: LO1, LO2, LO3, LO4

Policies and procedures

University policies and procedures apply to all aspects of student life. As a UQ student, you must comply with University-wide and program-specific requirements, including the:

Learn more about UQ policies on my.UQ and the Policy and Procedure Library.

School guidelines

Your school has additional guidelines you'll need to follow for this course: