SecOps Management

This subject is available under ICMS undergraduate degrees; please use the link below to find an undergraduate course for you.

Subject Code:

CYB301A

Subject Type:

Specialisation 

Credit Points:

3 credit points 

Pre-requisite/Co-requisite: 

CYB201A Network Security, and 

Course-level pre-requisite: a total of 24 credit points (15 credit points from level 100, including ICT101A, ICT102A, ICT103A and DAT101A, and 9 credit points from level 200 core subjects) prior to enrolling in level 300 core and specialisation subjects. 

Subject Level:

300

Subject Rationale:

Cybersecurity operations (SecOps) management is an essential component of a modern enterprise’s overarching IT governance system. Organisations need IT professionals with a sound understanding of the critical requirements in cyber operations to design, develop, and promote security policies and procedures for information assurance at an organisational level. Developing the necessary capabilities in cybersecurity operations management is vital to monitor, detect, analyse, and respond to cybersecurity incidents and continuously improve the organisation’s security posture. 

This subject introduces students to the broad topic of cybersecurity operations, concentrating on the fundamental concepts, frameworks, standards, and methods applied in IT operations management (ITOM) from an information security perspective. Students will explore security information and event management principles and practices, developing the essential knowledge of security-oriented operational governance for common IT functional areas. 

Students will learn the activities, technologies, and techniques related to cybersecurity incident management and response, event management, and emergency response planning. They will discover the use of cyber threat intelligence in countering cyberattacks and enhancing incident response. The constituents, applications, and responsibilities of a modern security operations centre (SOC), including its role and trends in optimising organisational cyber resilience, will also be examined. 

Learning Outcomes:

a) Apply the fundamental concepts and principles underlying cybersecurity operations management within a business context.

b) Critically analyse organisational IT security operations, evaluate gaps and opportunities, and model improvements accordingly using relevant industry standards and frameworks.

c) Evaluate the functions and applications of cyber threat intelligence and Security Operation Centre (SOC) in support of security information and event management in the cyber environment.

d) Investigate cybersecurity incidents and events, and formulate response strategies and plans, applying SecOps tools and techniques.

e) Explore the latest trends and technical advancements in cybersecurity operations management, including their role and applications in enhancing organisational cyber resilience.

Student Assessment:

Broad Topics to be Covered:

Topic: 
Week 1: Fundamentals of IT Operations Management 

  • Basic requirements and the need for operational control 
  • IT availability requirements 
  • IT as a service 
  • IT service management (ITSM) vs ITOM (IT operations management)  
  • Monitoring and Reporting methods and techniques 
  • Automation and Remediation 
Week 2: IT Operations Management Standards and Frameworks 

  • Information Technology Infrastructure Library (ITIL) v4 
  • ISO 20000 
  • ISO 9001 
  • ISO 22301 
  • ISO 27001 
  • COBIT 
  • Microsoft Operations Framework 
Week 3: Principles of Network Monitoring 

  • Uptime, performance, and recovery objectives, processes, and practices 
  • Network operations centre 
  • Network monitoring and IT governance controls 
Week 4: Principles of Incident Management 

  • Service level agreements 
  • Service desk and incident management 
  • Incident management tools 
  • Incident management workflows 
  • Standard operating procedures 
  • Incident response team 
  • Incident response planning 
Week 5: Introduction to Security Operations  

  • Security policy and guidelines 
  • CIA (confidentiality, integrity and availability) triad and security operations 
  • Critical infrastructure security 
  • Intrusion analysis and response 
  • Common threats 
  • Threat analysis 
  • Building cyber resilience 
  • SecOps Management with COBIT 
Week 6: Security Information and Event Management 

  • Information assurance 
  • Log management, data analysis 
  • User and entity behaviour analysis 
Week 7: Security Information and Event Management (SIEM) Tools and Techniques 

  • Advantages and disadvantages of SIEM 
  • Collection Management Framework 
  • Active Cyber Defence Cycle 
  • SIEM implementation best practices 
  • SIEM tools: 
    • Splunk 
    • QRadar 
    • AlienVault (AT&T) 
Week 8: Emergency Response Planning (ERP) 

  • Building a Cybersecurity Incident Response Team (CSIRT) 
  • Elements of emergency response and recovery planning 
  • Business Impact Analysis 
  • Education and training for ERP 
  • Testing and improvement 
  • Maintenance of the plan 
Week 9: Cyber Threat Intelligence 

  • Threat modelling 
  • Threat and vulnerability analysis 
  • Collection sources 
  • Intelligence production 
  • Threat intelligence lifecycle 
Week 10: Security Operations Centre (SOC) Fundamentals and Operations 

  • The need for a security operations centre 
  • Responsibilities and duties in a SOC 
  • Organisational readiness for a SOC 
  • Defensible security architecture 
  • Network Security Monitoring (NSM) 
  • Continuous Diagnostics and Mitigation (CDM) 
  • Continuous Security Monitoring (CSM) 
  • SOC Case Studies 
  • SOC as a service 
Week 11: Automation and AI in Security Operations Management 

  • AI-based prevention systems for zero-day attacks 
  • AI/ML-driven cyber threat analysis 
  • AI in security operations centre solutions 
Please note that these topics are often refined and subject to change, so for up-to-date weekly topics and suggested reading resources, please refer to the Moodle subject page.