Module Descriptors
MALWARE ANALYSIS
COMP60051
Key Facts
Digital, Technology, Innovation and Business
Level 6
20 credits
Contact
Leader: Christopher Hawkins
Hours of Study
Scheduled Learning and Teaching Activities: 28
Independent Study Hours: 172
Total Learning Hours: 200
Pattern of Delivery
  • Occurrence A, Stoke Campus, UG Semester 3
  • Occurrence A, Stoke Campus, UG Semester 3 to UG Semester 1
  • Occurrence B, The Development Manager, UG Semester 3 to UG Semester 1
  • Occurrence B, The Development Manager, UG Semester 3
Sites
  • Stoke Campus
  • The Development Manager
Assessment
  • EXAMINATION - 1 HOUR weighted at 50%
  • PRACTICAL BASED REPORT weighted at 50%
Module Details
Indicative Content

Introduction to software security assessment
Programming Basics (Building Blocks)

Common Software Vulnerabilities
Assembly Language and Machine Code
Introduction to Malicious Software

Software Debugging
Malware Analysis Techniques
Static Analysis
Dynamic Analysis
Malware creation and armouring / obfuscation
Infection Vectors
Payload generation.



This module will support the development and assessment of the following Core Knowledge, Skills and Behaviours from the DTSP Apprenticeship Standard:

Knowledge

K3 Principles of estimating the risks and opportunities of digital and technology solutions.

K11 The nature and scope of common vulnerabilities in digital and technology solutions. For example, the risks of unsecure coding and unprotected networks

Skills

S2 Identify risks, determine mitigation strategies and opportunities for improvement in a digital and technology solutions project.

S3 Analyse a business problem to specify an appropriate digital and technology solution.

S5 Apply relevant standard processes, methods, techniques and tools. For example, ISO Standards, Waterfall, Agile in a digital and technology solution project.

S9 Apply relevant security and resilience techniques to a digital and technology solution for example: risk assessments, mitigation strategies.

S15 Apply relevant legal, ethical, social and professional standards to a digital and technology solution.

Behaviours

B3 Acts with integrity with respect to ethical, legal and regulatory requirements ensuring the protection of personal data, safety and security.



This module will support the development and assessment of the following Specialist Route Knowledge, Skills and Behaviours from the DTSP Apprenticeship Standard:



Cyber Security Analyst

Knowledge

K45 Principles of cyber security tools and techniques.

K46 Principles of quantitative and qualitative risk management theory including the role of risk stakeholders.

K47 Concepts and approaches to cyber security assurance

K48 Key legislative frameworks and the regulatory landscape for cyber security including Data Protection Act 2018, Network Information System Directive 2018, Regulation of Investigatory Powers Act 2000, ISO 27001.

K59 Ethical principles and codes of good practice of at least one significant cyber security professional body and the ethical responsibilities of a cyber security professional.

K51 Principles of common security architectures and methodologies.

K52 Approaches to deployment of cyber security technology components in digital systems to provide security functionality. For example, hardware and software to implement security controls.



Skills

S40 Discover, identify and analyse security threats, attack techniques and vulnerabilities and recommend mitigation and security controls.

S41 Undertake security risk assessments for complex systems without direct supervision and propose a remediation strategy relevant to the context of the organisation.

S42 Recommend improvements to the cyber security approaches of an organisation based on research into future potential cyber threats and considering threat trends.

S43 Manage cyber security risk.

S44 Use appropriate cyber security technology, tools and techniques in relation to the risks identified.

S45 Lead cyber security awareness campaigns and evaluate their effectiveness.

S46 Analyse cyber security requirements against other design requirements for systems or products, identify conflicting requirements and recommend appropriate solutions with clear explanation of costs and benefits.

S47 Lead the design and build of systems in accordance with a security case to address organisational challenges.



Additional Assessment Details
ASSESSMENT 1: A 1-hour examination assessing tools, techniques, technologies and topics within Malware Analysis.

Learning Outcomes 1, 2, 4



Assessing the following KSBs

Cyber Security Analyst

Knowledge

K45 Principles of cyber security tools and techniques.

K46 Principles of quantitative and qualitative risk management theory including the role of risk stakeholders.

K47 Concepts and approaches to cyber security assurance

K51 Principles of common security architectures and methodologies.

K52 Approaches to deployment of cyber security technology components in digital systems to provide security functionality. For example, hardware and software to implement security controls.

Skills

S40 Discover, identify and analyse security threats, attack techniques and vulnerabilities and recommend mitigation and security controls.

S41 Undertake security risk assessments for complex systems without direct supervision and propose a remediation strategy relevant to the context of the organisation.



ASSESSMENT 2: An analysis of an inert malware sample, and a report detailing an employer-contextualised response to the findings.

Learning Outcomes 1, 2, 3, 4



Assessing the following KSBs

Cyber Security Analyst

Knowledge

K45 Principles of cyber security tools and techniques.

K46 Principles of quantitative and qualitative risk management theory including the role of risk stakeholders.

K47 Concepts and approaches to cyber security assurance

K48 Key legislative frameworks and the regulatory landscape for cyber security including Data Protection Act 2018, Network Information System Directive 2018, Regulation of Investigatory Powers Act 2000, ISO 27001.

K51 Principles of common security architectures and methodologies.

K52 Approaches to deployment of cyber security technology components in digital systems to provide security functionality. For example, hardware and software to implement security controls.

Skills

S41 Discover, identify and analyse security threats, attack techniques and vulnerabilities and recommend mitigation and security controls.

S42 Undertake security risk assessments for complex systems without direct supervision and propose a remediation strategy relevant to the context of the organisation.

S44 Manage cyber security risk.

S45 Lead cyber security awareness campaigns and evaluate their effectiveness.

S46 Analyse cyber security requirements against other design requirements for systems or products, identify conflicting requirements and recommend appropriate solutions with clear explanation of costs and benefits.
Learning Strategies


The module will be delivered in a Blended Learning Mode consisting of face to face, online and guided learning sessions.

Teaching sessions will blend theory and practical learning and, most importantly, will where possible be contextualised in your workplace as part of your apprenticeship. Learners will be introduced to curriculum concepts and ideas and will then be able to apply theory to practical examples. In addition, students will be provided with a range of resources for independent study such as case studies, academic papers, and industry case studies. There will be a mixture of practical and theoretical formative (mock or practice) exercises which will help students build knowledge and confidence in preparation for summative (formal) assessment.

The module will be delivered as follows:

Module Launch week: 12 hours.

There will be a module launch session consisting of up to 12 hours face to face contact time devoted to developing your understanding of the core purpose and assessment of the module. Learners will be presented with details of how the learning will be structured and how to access the learning materials for the remainder of the module.

Structured Learning Sessions: 15 hours

Following the module launch week you will have a further 15 hours of contact time as a class with the module team. This will typically be as 10 x 1.5-hour online classes which will be a combination of activities including lectures, demonstrations, discussions, tutorials and seminars. Some sessions are likely to be in flipped classroom style, where you will be expected to watch online recordings, read materials, or respond to practical activities in preparation for active engagement with problem solving in the online session.

1:1 Progress Checks: 1 hour

As a Blended Learner, understanding your progress can be a challenge, so you are allocated an hour of 1:1 time with your tutor (typically 3 x 20 minutes). Some of these may be in small groups if appropriate. These sessions may be used to discuss key topics, troubleshoot solutions, review working drafts etc.

Guided Independent Learning: 178 hours.

The module leader will provide resources through the virtual learning environment which will include videos and presentations as well as links to useful websites and other resources. Additional academic learning will be achieved through reading around the subject area; module tutors will suggest useful texts, though many others will be suitable and can be found in our e-library. You should also draw on the expertise in your workplace via your workplace mentor and other colleagues. If you require help understanding any of the concepts, you should contact your module tutor for assistance.

As an apprentice you are constantly developing your Digital Skills as part of your substantial role, and this applies to the development of the knowledge for your modules too. In some cases there will be a significant crossover between the module content and your workplace experience to date, and in others less so, depending on the nature of your workplace duties; this will have a direct impact on the number of Independent Learning hours required.

Within the Independent Learning time you will be expected to complete your assignments; as a guide, a typical module assignment should take around 60 hours to complete.
Learning Outcomes

Demonstrate a thorough understanding of malware, types, infection vectors and defences, as well as analysis methods.

Demonstrate a thorough understanding of Anti-Virus systems and their function

Practically showcase the ability to conduct a range of malware analysis methods and the use of various malware analysis tools and environments

Critically discuss the principles and concepts that underpin malicious software and software-based attacks
Texts
Essential:
The Art of Software Security Assessment, Mark Dowd, John McDonald and Justin Schuh, Addison-Wesley, 2007, ISBN 978-0321444424

Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code, Ligh, M., S. Adair, B. Hartstein, M. Richard, 2010, Wiley, ISBN: 978-0470613030

Grey Hat Hacking, Harper, A, S. Harris, J. Ness, C. Eagle, G. Lenkey, T. Williams, 2011, McGraw-Hill, ISBN: 978-0071742559


The Art of Computer Virus Research and Defence, Szor, P., 2005, Addison Wesley, ISBN: 0321304543

OECD, Computer Viruses and other Malicious Software, OECD, 2009, ISBN: 978-9264056503


Background:
Computer Security, Gollmann, D., 2010, Wiley, 3rd edition, ISBN: 978-0470741153


Modern Malicious Software: Taxonomy and Advanced Detection Methods, Volynkin, A., 2009, VDM Verlag, ISBN: 978-3639122954
Resources
Cuckoo Sandbox

VMWare Workstation
Web Descriptor
The module will provide you with the ability to undertake assessments of software in various forms and will allow you to distinguish software from malware. You will be provided with an in-depth understanding of the various forms of malware, and how they are used to infect machines and hide from defenders.