COMP47870 Incident Response

Academic Year 2023/2024

Incident response is a critical aspect of cybersecurity. It goes far beyond backup systems and disaster planning and involves critical reasoning and actions that can have consequences beyond the immediate incident. The course will address how threats develop, and how others have dealt with major incidents in the past. We will look at major cyber-attacks, including both commercial and military ones, and see how to draw lessons from these.

The course will include an in-depth analysis of the Irish government official inquiry into the 2021 HSE cyber-attack, using the published documents as primary source. There will be at least one lecture covering the technical operation of such malware tools. The class will investigate, research on, and report back with data on current cyber-threat models. These will be discussed in open class discussion forums. There will be a realistic scenario, conducted via small groups, where student teams tackle the scenario over a tight time frame. This will account for a percentage of final grade. In addition, students maybe required to attend seminars given by security specialists. Students will maintain a learning journal addressing topics and issues that are discussed in lectures or identified by the lecturer.

Show/hide contentOpenClose All

Curricular information is subject to change

What will I learn?

Learning Outcomes:

- Understand the process of Incident Response
- Understand how various malware tool sets work
- Understand and learn from major incidents of the recent past, including both 'for profit' criminal attacks, espionage, and military attacks
- Understand the legal, human resource, and corporate ramifications arising from acting in response to incidents
- Discuss current trends and likely future directions in cyber threat
- Understand, and be able to, rapidly assess an individual threat, using high quality, trusted sources on the internet

Indicative Module Content:

- How malware has evolved over time, how it works, and how the criminal system surrounding it operates
- In-depth study of the report on the HSE cyber-attack - Technical detail of the attack
- In-depth study of the report on the HSE cyber-attack - Actual incident response and lessons learned
- Intrusion, and intrusion detection (guest speaker)
- Identification and use of reliable sources for information on current, and emerging, cyber threats
- Production of a report on a type of current threat (via assignment)
- Real world case studies

How will I learn?

Student Effort Hours:

Student Effort Type	Hours
Lectures	24
Practical	6
Autonomous Student Learning	85
Total	115

Approaches to Teaching and Learning:
The course will be delivered via online lectures and 3 in person workshops.

Am I eligible to take this module?

Requirements, Exclusions and Recommendations

Not applicable to this module.

Module Requisites and Incompatibles

Not applicable to this module.

How will I be assessed?

Assessment Strategy

Description	Timing	Open Book Exam	Component Scale	Must Pass Component	% of Final Grade
Continuous Assessment: Learning Journal (including threat research report)	Throughout the Trimester	n/a	Graded	No	25
Multiple Choice Questionnaire: HSE Report Online MCQ	Week 6	n/a	Graded	No	10
Examination: End-of-trimester examination	2 hour End of Trimester Exam	No	Graded	No	40
Project: Scenario/Case study in groups	Throughout the Trimester	n/a	Graded	No	25

Carry forward of passed components
Yes

What happens if I fail?

Resit In	Terminal Exam
Spring	Yes - 2 Hour

Please see Student Jargon Buster for more information about remediation types and timing.

Assessment feedback

Feedback Strategy/Strategies

• Feedback individually to students, post-assessment

How will my Feedback be Delivered?

Individual feedback to students, post-assessment. A class WhatsApp group or news, current happenings related to subject and for content-related discussions. For the real-life incident case study, the UCD review team will give feedback and expert advice, to each group, either in class, or via zoom. The lecturer will provide either written or oral feedback to the students.

When is this module offered?

Timetabling information is displayed only for guidance purposes, relates to the current Academic Year only and is subject to change.


Autumn
Practical	Offering 1	Week(s) - 0	Fri 10:00 - 11:50
Practical	Offering 1	Week(s) - 13	Fri 10:00 - 11:50
Practical	Offering 1	Week(s) - 7	Fri 10:00 - 11:50
Autumn

UCD Course Search
Incident Response (COMP47870)

Academic Year 2023/2024

The information contained in this document is, to the best of our knowledge, true and accurate at the time of publication, and is solely for informational purposes. University College Dublin accepts no liability for any loss or damage howsoever arising as a result of use or reliance on this information.

Incident Response (COMP47870)

Subject:: Computer Science
College:: Science
School:: Computer Science
Level:: 4 (Masters)
Credits:: 5.0
Trimester:: Autumn
Module Coordinator:: Dr Rob Brennan
Mode of Delivery:: Blended
Internship Module:: No
How will I be graded?: Letter grades

(Google Chrome is recommended when printing this page)