UC3EST05 SIEMs and Threat Intelligence

UC3EST05 SIEMs and Threat Intelligence

  • Course description
    • NQF Level
      Bachelor's degree (Level 6 1. Cycle)
    • Area of Study
      Computing
    • Program of Study
      Digital Forensics and Incident Response
    • ECTS
      05
    • Campus
      Kristiansand, OnlinePLUS - Oslo, Online
    • Course Leader
      Emlyn Butterfield
Introduction

Language of Instruction and assessment: English
May be offered on Campus and Online.
May be offered as a separate course.

Included in the following bachelor's degrees:

  • Digital Forensics and Incident Management
Course Aim(s)

The course aims to address the “Big Data” and “Data Analysis” problem, faced by organisations today; teaching students the process of designing a Security Information and Event Management (SIEM) architecture, and how it is integrated into a Security Operations Centre.

Course Learning Outcomes
Knowledge

The student has knowledge of

K1 concepts related to dealing with “Big Data”, to detect incidents or information of importance to an organisation.
K2 log analytics and threat hunting metrics.
K3 ifferent logging sources and types.
Skills

The student gain skills in

S1 the identification and creation of intelligence requirements through practices such as threat modelling.
S2 the generation of threat intelligence to detect, respond to, and defeat focused and targeted threats.
S3 the design of a SIEM.
General Competence

The student can demonstrate

G1 presenting arguments based on data analyses.
G2 communicating concepts and techniques to analyse data.
Course Topics
  • SIEM core concepts
  • Data quality
  • Logging sources
  • Log collection, aggregation, and analysis
  • SIEM solutions
  • Threat intelligence process
Teaching Methods
  1. Teaching will be based on a hybrid-flexible approach. Instructor-led face-to-face learning is combined with online learning in a flexible course structure that gives students the option of attending sessions in the classroom, participating online, or doing both.
  2. All activities require active student participation in their own learning.
  3. Learning delivery methods and available resources will be selected to ensure constructive alignment with course content, learning outcomes and assessment criteria.
  4. Students will be taught using a mixture of guidance, self-study, and lecture material. Topics will be introduced in a series of weekly lectures. The guidance sessions will be directed practical exercises and reading in which students can explore topics with support from a teacher. This material will also require students to self-manage their time to ensure tasks are completed and the theory is fully understood. This will allow the students to fully engage with lectures and with their peers.
Resources and Equipment
  1. Learning resources are available in the LMS and include, but is not limited to:
    • literature and online reading material (essential and recommended)
    • streams, recordings and other digital resources, where applicable
    • video conferencing and communication platforms, if applicable
    • tools, software and libraries, where applicable
  2. Students must have access to an internet connection, and suitable hardware.
    • Accessing live streams and virtual laboratories requires a minimum broadband connection of 2Mbps (4Mbps recommended).
  3. Students working on their own laptop/computer are required to acquire appropriate communications software, e.g., webcam, microphone, headphones.
Prerequisite Knowledge

UC2IRF10 Incident Response Fundamentals, or equivalent course(s).

Reading List

The reading list for this course and any additional electronic resources will be provided in the LMS.

Study Workload

125 nominal hours.
Study workload applies to both Campus and Online students.

ActivityDuration
Teacher-led activity
12
Teacher-supported work
24
Self-study
89