This module is one of the eight modules required for the GCHQ Master's certification.
Routine operations management should maintain a cyber system within its operational envelope and in an optimal state to do useful work; life-cycle operations such as patches, upgrades, replacements and training are performed in a planned and orderly fashion as part of routine operations management.
With indefinite resource, that would be sufficient; the preparedness of the cyber system would always be sufficient to deal with any threat or hazard to which it is exposed. With limited resource, however, it is probable that the cyber system will be exposed to some specific threat or hazard that it is not sufficiently prepared to deal with. When this happens, an incident occurs which takes the cyber system outside its intended operational envelope.
The prioritisation and timely coordination of activities is critical to minimise the harm that follows from an incident. These activities should progressively restore the cyber system, remediate harm, prevent recurrence, inform interested parties, and restore confidence. Having a well-rehearsed incident response plan helps to do this right.
In the cyber context, situational awareness presents the human decision maker with an intuitive representation of the well-being of their cyber environment. Critically, when things go wrong, the important symptoms of this wrongness are highlighted, facilitating corrective action.
Cyber intelligence provides an organisation with the ability to assess the cyber-related threats and hazards that may damage them. It is particularly concerned with the purposeful collection of information, its processing and analysis in order to produce actionable intelligence.
This module gives students a framework to reason about cyber security in order both to anticipate incidents and to deal with their occurrence.
Reason about the threats and hazards to which a cyber system may be exposed.
Evaluate the situational awareness of an organisation.
Reason about the production of actionable intelligence.
Synthesise key indicators of cyber well-being.
- Risk in the cyber context – assessment, management, hazard vs threat
- Threat actors – organisation, motivation, attention and deception
- Narratives, language and communication
- The intelligence cycle and current intelligence theory and practice, toolsets
- Data collection, sensors, endpoint and channel hardening
- Prioritisation, timeliness, presentation, normal vs abnormal, information overload
- The incident response lifecycle
- Roles and structures
- Facilities, equipment, tools and techniques
- Internal and external communication pre-, mid- and post-incident
100% weighting post-module assignment
This module is delivered in an intensive one-week block of directed tuition (nominally 40 hours, including 18 hours of lectures, 10 hours of seminars and 12 hours of practical classes).
Other useful information
Students will be based in the WMG Cyber Security Centre, with most taught sessions taking place in our specialist cyber security and forensics laboratory / classrooms.