Secure Information and Event Management

Description

SIEM explores the concept of, and software solutions associated with, Secure Information and Event Management. SIEM provides an organisation with an overall view of what is happening on its IT infrastructure in real time and helps IT teams to be more proactive in the fight against security threats. SIEM is also a recognised industry acronym associated with cybersecurity. This module will examine data collection and forensics, user activity, alert management and reporting, giving IT professionals the knowledge to respond quickly and efficiently to cyberattack incidents.

The module also examines cybersecurity best practice implementations around the MITRE ATT&CK Framework and Lockheed Martin’s Cyber Kill Chain Model. Case studies examining the implementation of cybersecurity controls are an essential element of this module.

Learning Outcomes

  1. Explain concepts of SIEM as part of overall cyber security 

  2. Apply knowledge of the legal requirements of protecting organisational data 

  3. Design effective reports for organisational compliance requirements 

  4. Evaluate the tools used for data analytics and visualisation 

  5. Evaluate and compare SIEM platforms 

  6. Use threat intelligence to understand the risk to organisational data and infrastructure

  7. Apply matrix solutions for threat hunting

  8. Interpret the organised approaches to manage the aftermath of a security breach or cyberattack

  9. Deploy multiple collection agents to gather security-related events from end-user devices, servers and network equipment

Credits
10
% Coursework 100%