Module Descriptors
ETHICAL HACKING
COMP60049
Key Facts
Digital, Technology, Innovation and Business
Level 6
20 credits
Contact
Leader: Christopher Hawkins
Hours of Study
Scheduled Learning and Teaching Activities: 28
Independent Study Hours: 172
Total Learning Hours: 200
Pattern of Delivery
  • Occurrence A, Stoke Campus, UG Semester 2
  • Occurrence B, The Development Manager, UG Semester 2
Sites
  • Stoke Campus
  • The Development Manager
Assessment
  • PRACTICAL SKILLS DEMONSTRATION weighted at 50%
  • TOPIC BASED EXAMINATION - 1 HOUR weighted at 50%
Module Details
Indicative Content



Understand the ethics and legal challenges of cyber security.

Vulnerability identification and computer threats analysis and evaluation

Security Analysis Methodologies

Understand the business aspect behind penetration testing.

Analyse the technical foundation of penetration testing.

Introduction to footprinting and scanning

System hacking and enumeration

Evaluation of automated security assessment tools

Report Writing and Post Test Actions

Additional topics may be covered, where possible and appropriate. We will use examples from Linux and other modern operating systems to illustrate concepts covered through the course.



This module will support the development and assessment of the following Core Knowledge, Skills and Behaviours from the DTSP Apprenticeship Standard:

Knowledge

K3 Principles of estimating the risks and opportunities of digital and technology solutions.

K11 The nature and scope of common vulnerabilities in digital and technology solutions. For example, the risks of unsecure coding and unprotected networks

Skills

S2 Identify risks, determine mitigation strategies and opportunities for improvement in a digital and technology solutions project.

S9 Apply relevant security and resilience techniques to a digital and technology solution for example: risk assessments, mitigation strategies.

S15 Apply relevant legal, ethical, social and professional standards to a digital and technology solution.

Behaviours

B3 Acts with integrity with respect to ethical, legal and regulatory requirements ensuring the protection of personal data, safety and security.



This module will support the development and assessment of the following Specialist Route Knowledge, Skills and Behaviours from the DTSP Apprenticeship Standard:



Cyber Security Analyst

Knowledge

K45 Principles of cyber security tools and techniques.

K46 Concepts and approaches to cyber security assurance

K48 Key legislative frameworks and the regulatory landscape for cyber security including Data Protection Act 2018, Network Information System Directive 2018, Regulation of Investigatory Powers Act 2000, ISO 27001.

K49 Approaches to incident response and management including escalation and investigation of cyber security breaches and their root cause.

K50 Ethical principles and codes of good practice of at least one significant cyber security professional body and the ethical responsibilities of a cyber security professional.

K51 Principles of common security architectures and methodologies.

K52 Approaches to deployment of cyber security technology components in digital systems to provide security functionality. For example, hardware and software to implement security controls.



Skills

S40 Discover, identify and analyse security threats, attack techniques and vulnerabilities and recommend mitigation and security controls.

S41 Undertake security risk assessments for complex systems without direct supervision and propose a remediation strategy relevant to the context of the organisation.

S42 Recommend improvements to the cyber security approaches of an organisation based on research into future potential cyber threats and considering threat trends.

S43 Manage cyber security risk.

S44 Use appropriate cyber security technology, tools and techniques in relation to the risks identified.

S45 Lead cyber security awareness campaigns and evaluate their effectiveness.

S46 Analyse cyber security requirements against other design requirements for systems or products, identify conflicting requirements and recommend appropriate solutions with clear explanation of costs and benefits.

S47 Lead the design and build of systems in accordance with a security case to address organisational challenges.
Additional Assessment Details
ASSESSMENT 1: A skills demonstration under exam conditions. You will be asked to undertake a penetration test of a given target in a contained and legal environment. Within the target there will be 10 “flags” which contain unique information. You will be asked to undertake penetration testing activities, in line with the ethical hacking lifecycle, in order to locate the flag information, and will need to provide the information contained as your answers to the examination.

This will be used to assess Learning Objectives 1, 2, 3, 4 and 5.



Assessing the following KSBs

Cyber Security Analyst

Knowledge

K45 Principles of cyber security tools and techniques.

K51 Principles of common security architectures and methodologies.

K52 Approaches to deployment of cyber security technology components in digital systems to provide security functionality. For example, hardware and software to implement security controls.

Skills

S40 Discover, identify and analyse security threats, attack techniques and vulnerabilities and recommend mitigation and security controls.

S41 Undertake security risk assessments for complex systems without direct supervision and propose a remediation strategy relevant to the context of the organisation.

S44 Use appropriate cyber security technology, tools and techniques in relation to the risks identified.





ASSESSMENT 2: A 1hr examination assessing tools, techniques, technologies and topics within Penetration Testing, following the industry standard examination style for hacking certifications.

This will be used to assess Learning Objectives 1, 2, 3, 4 and 5.



Assessing the following KSBs

Cyber Security Analyst

Knowledge

K45 Principles of cyber security tools and techniques.

K47 Concepts and approaches to cyber security assurance

K48 Key legislative frameworks and the regulatory landscape for cyber security including Data Protection Act 2018, Network Information System Directive 2018, Regulation of Investigatory Powers Act 2000, ISO 27001.

K49 Approaches to incident response and management including escalation and investigation of cyber security breaches and their root cause.

K50 Ethical principles and codes of good practice of at least one significant cyber security professional body and the ethical responsibilities of a cyber security professional.

K51 Principles of common security architectures and methodologies.

K52 Approaches to deployment of cyber security technology components in digital systems to provide security functionality. For example, hardware and software to implement security controls.



Skills

S40 Discover, identify and analyse security threats, attack techniques and vulnerabilities and recommend mitigation and security controls.

S42 Recommend improvements to the cyber security approaches of an organisation based on research into future potential cyber threats and considering threat trends.
Learning Strategies


The module will be delivered in a Blended Learning Mode consisting of face to face, online and guided learning sessions.

Teaching sessions will blend theory and practical learning and, most importantly, will where possible be contextualised in your workplace as part of your apprenticeship. Learners will be introduced to curriculum concepts and ideas and will then be able to apply theory to practical examples. In addition, students will be provided with a range of resources for independent study such as case studies, academic papers, and industry case studies. There will be a mixture of practical and theoretical formative (mock or practice) exercises which will help students build knowledge and confidence in preparation for summative (formal) assessment.

The module will be delivered as follows:

Module Launch week: 12 hours.

There will be a module launch session consisting of up to 12 hours face to face contact time devoted to developing your understanding of the core purpose and assessment of the module. Learners will be presented with details of how the learning will be structured and how to access the learning materials for the remainder of the module.

Structured Learning Sessions: 15 hours

Following the module launch week you will have a further 15 hours of contact time as a class with the module team. This will typically be as 10 x 1.5-hour online classes which will be a combination of activities including lectures, demonstrations, discussions, tutorials and seminars. Some sessions are likely to be in flipped classroom style, where you will be expected to watch online recordings, read materials, or respond to practical activities in preparation for active engagement with problem solving in the online session.

1:1 Progress Checks: 1 hour

As a Blended Learner, understanding your progress can be a challenge, so you are allocated an hour of 1:1 time with your tutor (typically 3 x 20 minutes). Some of these may be in small groups if appropriate. These sessions may be used to discuss key topics, troubleshoot solutions, review working drafts etc.

Guided Independent Learning: 178 hours.

The module leader will provide resources through the virtual learning environment which will include videos and presentations as well as links to useful websites and other resources. Additional academic learning will be achieved through reading around the subject area; module tutors will suggest useful texts, though many others will be suitable and can be found in our e-library. You should also draw on the expertise in your workplace via your workplace mentor and other colleagues. If you require help understanding any of the concepts, you should contact your module tutor for assistance.

As an apprentice you are constantly developing your Digital Skills as part of your substantial role, and this applies to the development of the knowledge for your modules too. In some cases there will be a significant crossover between the module content and your workplace experience to date, and in others less so, depending on the nature of your workplace duties. This will have a direct impact on the number of Independent Learning hours required.

Within the Independent Learning time you will be expected to complete your assignments; as a guide, a typical module assignment should take around 60 hours to complete.
Learning Outcomes

1. Explain and analyse the stages required by an ethical hacker to compromise a target.

2. Critically evaluate security measures implemented on a target system in both a theoretical and practical manner.

3. Demonstrate a critical knowledge of the tools, methods and procedures used with a secured network and host environment.

4. Demonstrate knowledge of the tools, methods and techniques used by penetration testers in conducting hacking activities.

5. Demonstrate practical ability and understanding of the use of industry-standard hacking tools and techniques against both a networked environment and a single-host target.
Texts


Lyon, G. (2008) NMAP Network Scanning.

Dieterle, D. (2018) Basic Security Testing with Kali Linux.

Shatob, R. (2021) Penetration Testing: Step-by-Step Guide.

Hadnagy, C. (2018) Social Engineering: The Science of Human Hacking.



Resources
VMWare Workstation
Web Descriptor
On this module you will study computer systems and network infrastructure as an attractive target to attackers. Hackers often exploit software vulnerabilities and poor configuration to gain access and steal information. To secure a system, it is essential for computer security professionals to understand the structure, configuration, tools and techniques that hackers rely upon to carry out their attacks. It is also important to test the network regularly and discover any vulnerabilities due to misconfiguration or poor patching.