Skip to main content Skip to navigation

Cyber Security Incident Management

Learn to:
  • Participate in the formulation of a cyber incident response plan
  • Critically evaluate the response to a cyber incident across the incident's lifecycle
  • Investigate digital artefacts against a realistic brief: preserving, analysing and interpreting the evidence
  • Report digital forensic findings to a non-specialist audience
  • Critically evaluate digital forensic tools and techniques

Why is this important?

The cyber incident response plan enables an organisation to support its critical services in the face of a cyber incident. There might be strong indicators that something is wrong, such as a DDOS attack, or it might be something less obvious, such as the discovery of a possible data breach from many months ago. The full response lifecycle covers preparation, through monitoring, detection, containment, eradication, restoration and post incident review.

To carry out the response plan requires digital forensics - drawing the correct inference from the digital data which pervades modern society. There are a number of challenges with this: the data is fragile, its quantity may be overwhelming, it may be transient or volatile, it may not be legally accessible, it may not be technically accessible, and its structure may be unclear. Drawing inference from the data is complicated; attributing inference back to an individual or organisation is especially difficult.

Set against these significant challenges is the reality that the digital footprint left by a member of modern society may have been left as a consequence of some wrongdoing. Digital forensics seeks to overcome the substantial challenges of drawing correct inference from digital data, so that decisions about the identity of the wrongdoer, and the sanctions that follow, may be made with greater confidence from a better informed perspective.


This module comprises two related but distinct themes: cyber incident response and digital forensics. There are a number of principles that have been established by the digital forensics community and from these a range of tools and techniques have been developed for doing standard things in typical circumstances. Analysing the capabilities and limitations of these tools and techniques is an important part of the module.

Representing what has been inferred to a non-specialist audience is also a critical part of any investigation and is practised in the module.

Module content will cover:

Response planning

  • planning for cyber incidents
  • incident detection
  • intrusion response
  • intrusion management
  • incident handling
  • intrusion analysis, monitoring and logging

Digital forensics

  • overall forensic process
  • collecting, processing and preserving digital evidence:

  • device forensics

  • memory forensics

  • network forensics

  • anti-forensic techniques

  • forensic report

Delivery and assessment

8 half-day sessions will be regularly spaced across Year 3. Within each half day session, there will be a mix of lecture, tutorial and practical activity.

Assessment is 100% coursework for this module.

Essential information

Entry Requirements
A level: AAB (STEM subjects preferred)
IB: 36 points (STEM subjects preferred), with a minimum of 4 in English


Degree of Bachelor of Science (BSc)

3 years full time (30 weeks per academic year)

Tuition fees
Find out more about fees and funding

How to apply Undergraduate admissions