What you will learn

• Explain what is meant by data and protocol and how they relate to each other
• Describe an example data format and a simple protocol in current use (using protocol diagrams)
• Describe example failure modes in protocols
• Describe at least one approach to error control in a network
• Describe the main features of network protocols in widespread use on the Internet, their purpose and relationship to each other in a layered model
• Describe the main routing protocols in current use in computer networks and explain the differences between static and dynamic routing protocols and the pros and cons of each in different circumstances
• Explain some of the main factors that affect network performance and propose ways to improve perf

What you will learn

• Explain why information and cyber security is important to business and society
• Explain basic concepts: security, identity, confidentiality, integrity, availability, threat, vulnerability, risk & hazard
• Explain how the concepts of threat, hazard and vulnerability relate to each other and lead to risk
• Explain what penetration testing (‘ethical hacking’) is and how it contributes to assurance
• Apply basic security concepts to develop security requirements
• Describe some common vulnerabilities in computer networks and systems (for example, non-secure coding and unprotected networks)
• Describe the main types of common attack techniques (for example: phishing, social engineering, malware, network interception, blended techniques e.g. ‘advanced persistent threat’, denial of service, theft)
• Describe legal standards, regulations and ethical standards relevant to cyber security

What you will learn

• Risk assessment theory including principles and terminology associated with risk, key steps in risk management, qualitative and quantitative approaches to risk assessment and presenting the results of risk assessment
• Risk assessment threats and vulnerabilities
• Risk assessment standards including methodologies and frameworks, as well as their differences and similarities and how to apply risk methodologies and frameworks
• Risk assessment practice including the application of methodologies and frameworks in organisations, comparing approaches to treating risk and the role of the risk owner by comparison with other stakeholders

What you will learn

• Governance and the need, purpose and implementation of it. This includes why it’s necessary to manage information security, information management security structures, how structures operate together to deliver security outcomes and how legislation and regulation can be implemented to meet information security risks
• Access control support for governance, including how effective management of identity supports an organisation’s security policies, standards and governance
• Policies and procedures in different organisational environments, including the factors that shape the environment, types of organisations and sectors and how this has an impact on security management, regulations, and GDPR
• Security expert roles and information providers including key characteristics of roles, main professional qualifications, external specialists, security teams and the purpose of security intelligence
• Legal framework including how legislation interacts to support security, privacy and data protection. Another factor is the consideration of the key security standards that impact information security
• Applying ISO 27001:2013 including ISMS, the standard key concepts, achieving certification and the benefits of certification.
• Security breach notification including reporting to the Information Commissioner’s Office, and it’s relation to UK Data Protection Act and GDPR