Skip to main content Skip to navigation

Cyber Intelligence and Operations

This is a course module on MSc Cyber Security Engineering and is available as an elective on MSc Cyber Security and Management.

This module is one of the eight modules required for the GCHQ Master's certification.


Routine operations management should maintain a cyber system within its operational envelope and in an optimal state to do useful work; life-cycle operations such as patches, upgrades, replacements and training are performed in a planned and orderly fashion as part of routine operations management.

With indefinite resource, that would be sufficient; the preparedness of the cyber system would always be sufficient to deal with any threat or hazard to which it is exposed. With limited resource however, it is probable that the cyber system will be exposed to some specific threat or hazard that it is not sufficiently prepared to deal with. When this happens, an incident occurs which takes the cyber system outside its intended operational envelope.

The prioritisation and timely coordination of activities is critical to minimise the harm that follows from an incident. These activities should progressively restore the cyber system, re-mediate harm, prevent recurrence, inform interested parties, and restore confidence. Having a well rehearsed incident response plan helps to do this right.

In the cyber context, situational awareness presents the human decision maker with an intuitive representation of the well-being of their cyber environment. Critically, when things go wrong, the important symptoms of this wrongness are highlighted, facilitating corrective action.

Cyber intelligence provides an organisation with the ability to assess the cyber-related threats and hazards that may damage them. It is particularly concerned with the purposeful collection of information, its processing and analysis in order to produce actionable intelligence.

This module gives students a framework to reason about cyber security in order both to anticipate incidents, and to deal with their occurrence.

Principal Learning Outcomes

  • reason about the threats and hazards to which a cyber system may be exposed with a view to producing actionable intelligence to reduce negative consequences.
  • evaluate the situational awareness of an organisation to the key indicators of its cyber well-being.
  • constructively contribute to the development of a cyber security incident response plan.

Other useful information

This module is delivered in an intensive one-week block of directed tuition (nominally 40 hours). Students will be based in the WMG Cyber Security Centre, with most taught sessions taking place in our specialist cyber security and forensics laboratory / classrooms.

Formal assessment for this module typically comprises:

  • a lab-based assessment, taking place during taught sessions (20%)
  • a report, to be submitted after the taught module period (80%)

There are no pre-requisites for this module. Students who are choosing this module as part of a course other than MSc Cyber Security and Management are welcome to seek preparatory advice.

The MSc Cyber Security and Management course team regularly reviews the content provided here for currency and accuracy. Please do get in touch with any queries.Contact: