Explore UCD

UCD Home >

COMP47870

Academic Year 2024/2025

Incident Response (COMP47870)

Subject:
Computer Science
College:
Science
School:
Computer Science
Level:
4 (Masters)
Credits:
5
Module Coordinator:
Dr Rob Brennan
Trimester:
Autumn
Mode of Delivery:
Blended
Internship Module:
No
How will I be graded?
Letter grades

Curricular information is subject to change.

Incident response is a critical aspect of cybersecurity. It goes far beyond backup systems and disaster planning and involves critical reasoning and actions that can have consequences beyond the immediate incident. The course will address how threats develop, and how others have dealt with major incidents in the past. We will look at major cyber-attacks, including both commercial and military ones, and see how to draw lessons from these.

The course will include an in-depth analysis of the Irish government official inquiry into the 2021 HSE cyber-attack, using the published documents as primary source. There will be at least one lecture covering the technical operation of such malware tools. The class will investigate, research on, and report back with data on current cyber-threat models. These will be discussed in open class discussion forums. There will be a realistic scenario, conducted via small groups, where student teams tackle the scenario over a tight time frame. This will account for a percentage of final grade. In addition, students maybe required to attend seminars given by security specialists. Students will maintain a learning journal addressing topics and issues that are discussed in lectures or identified by the lecturer.

About this Module

Learning Outcomes:

- Understand the process of Incident Response
- Understand how various malware tool sets work
- Understand and learn from major incidents of the recent past, including both 'for profit' criminal attacks, espionage, and military attacks
- Understand the legal, human resource, and corporate ramifications arising from acting in response to incidents
- Discuss current trends and likely future directions in cyber threat
- Understand, and be able to, rapidly assess an individual threat, using high quality, trusted sources on the internet

Indicative Module Content:

- How malware has evolved over time, how it works, and how the criminal system surrounding it operates
- In-depth study of the report on the HSE cyber-attack - Technical detail of the attack
- In-depth study of the report on the HSE cyber-attack - Actual incident response and lessons learned
- Intrusion, and intrusion detection (guest speaker)
- Identification and use of reliable sources for information on current, and emerging, cyber threats
- Production of a report on a type of current threat (via assignment)
- Real world case studies

Student Effort Hours:
Student Effort Type Hours
Lectures

24
Practical

6
Autonomous Student Learning

85
Total

115

Approaches to Teaching and Learning:
The course will be delivered via online lectures and 3 in person workshops.

Requirements, Exclusions and Recommendations

Not applicable to this module.


Module Requisites and Incompatibles
Not applicable to this module.
 

Assessment Strategy  
Description Timing Component Scale Must Pass Component % of Final Grade In Module Component Repeat Offered
Exam (In-person): 2 hour Exam Week 14 Alternative linear conversion grade scale 40% No

40

 No
Reflective Assignment: Learning Journal including threat research and personal assessment of revised IR plan Week 8, Week 15 Alternative linear conversion grade scale 40% No

50

 No
Exam (Open Book): Online MCQ on HSE Report Week 5 Alternative linear conversion grade scale 40% No

10

 No

Carry forward of passed components
Yes
 

Resit In Terminal Exam
Spring Yes - 2 Hour
Please see Student Jargon Buster for more information about remediation types and timing. 

Feedback Strategy/Strategies

• Feedback individually to students, post-assessment

How will my Feedback be Delivered?

Individual feedback to students, post-assessment. A class WhatsApp group or news, current happenings related to subject and for content-related discussions. For the real-life incident case study, the UCD review team will give feedback and expert advice, to each group, either in class, or via zoom. The lecturer will provide either written or oral feedback to the students.

Print this page
Fill in the following details:
Enter the body of your query here.

From time to time UCD would like to send you further information that we feel, based on your enquiry, would be of interest to you.