COMP47870 Incident Response

Academic Year 2022/2023

Incident response is a critical aspect of cybersecurity. It goes far beyond backup systems and disaster planning and involves critical reasoning and actions that can have consequences beyond the immediate incident. The course will address how threats develop, and how others have dealt with major incidents in the past. We will look at major cyber-attacks, including both commercial and military ones, and see to draw lessons from these.

The course will include an in-depth analysis of the Irish government official inquiry into the 2021 HSE cyber-attack, using the published documents as primary source. There will be at least one lecture coving the technical operation of such malware tools. The class will investigate, research on, and report back with data on current cyber-threat models. These will be discussed in open class discussion forums. There will be a realistic scenario, conducted via small groups, where student teams tackle the scenario over a tight time frame. This will account for a percentage of final grade. In addition, students maybe required to attend seminars given by security specialists. Students will maintain a learning journal addressing topics and issues that are discussed in lectures or identified by the lecturer.

Show/hide contentOpenClose All

Curricular information is subject to change

Learning Outcomes:

- Understand the process of Incident Response
- Understand how various malware tool sets work
- Understand and learn from major incidents of the recent past, including both 'for profit' criminal attacks, espionage, and military attacks
- Understand the legal, human resource, and corporate ramifications arising from acting in response to incidents
- Discuss current trends and likely future directions in cyber threat
- Understand, and be able to, rapidly assess an individual threat, using high quality, trusted sources on the internet

Indicative Module Content:

- How malware has evolved over time, how it works, and how the criminal system surrounding it operates
- In-depth study of the report on the HSE cyber-attack - Technical detail of the attack
- In-depth study of the report on the HSE cyber-attack - Actual incident response and lessons learned
- Intrusion, and intrusion detection (guest speaker)
- Identification and use of reliable sources for information on current, and emerging, cyber threats
- Production of a report on a type of current threat (via assignment)
- Real world case studies

Student Effort Hours: 
Student Effort Type Hours




Autonomous Student Learning




Approaches to Teaching and Learning:
The course will be delivered via online lectures and 3 in person workshops. 
Requirements, Exclusions and Recommendations

Not applicable to this module.

Module Requisites and Incompatibles
Not applicable to this module.
Assessment Strategy  
Description Timing Open Book Exam Component Scale Must Pass Component % of Final Grade
Examination: End-of-trimester examination 2 hour End of Trimester Exam No Graded No


Continuous Assessment: Learning Journal Throughout the Trimester n/a Graded No


Project: Scenario/Case study in groups Throughout the Trimester n/a Graded No


Carry forward of passed components
Resit In Terminal Exam
Spring Yes - 2 Hour
Please see Student Jargon Buster for more information about remediation types and timing. 
Feedback Strategy/Strategies

• Feedback individually to students, post-assessment

How will my Feedback be Delivered?

Individual feedback to students, post-assessment. A class WhatsApp group or news, current happenings related to subject and for content-related discussions. For the real-life incident case study, the UCD review team will give feedback and expert advice, to each group, either in class, or via zoom. The lecturer will provide either written or oral feedback to the students.