Fundamentals of Cybersecurity:
A fundamentals of cybersecurity course typically covers the basic concepts and principles of protecting information and systems from unauthorised access, use, disclosure, disruption, modification, or destruction. This course provides a broad overview of cyber security and the various threats and attacks organisations and individuals may face. In addition, this course covers the principles of securing computer networks, including firewalls, intrusion detection and prevention systems, and VPNs.
Cryptography is the practice of securing communications using codes and ciphers. The fundamentals of cryptography typically cover the following concepts: Symmetric Key Cryptography: where the same key is used for encryption and decryption. Examples include AES and DES; Asymmetric Key Cryptography: also known as public key cryptography, where a pair of keys are used for encryption and decryption. Examples include RSA and Elliptic Curve Cryptography.
A Network Security course typically covers the principles and practices of protecting computer networks and the devices connected to them from unauthorised access, use, disclosure, disruption, modification, or destruction. Topics that may be covered in such a course include Firewalls and intrusion detection/prevention systems (IDS/IPS), Virtual Private Networks (VPNs), Secure network design and architecture, Network access control (NAC), Remote access security, Wireless network security, Cloud security, Network segmentation and micro-segmentation, Network monitoring and incident response. Additionally, the course may cover hands-on skills for configuring and managing network security devices and software and best practices for securing network infrastructure. It may also cover network security’s legal and compliance aspects, such as compliance with industry regulations and standards like PCI-DSS and HIPAA. Finally, this course may also cover the latest threats, attack vectors and mitigation techniques to keep the network secure.
A Usable Security course typically covers the principles of designing and evaluating security systems that are easy for users to understand and use. Topics that may be covered in such a course include Human factors in security, including how people perceive and respond to security risks, User-centred design and evaluation methods for security systems, Security usability heuristics and guidelines, Techniques for evaluating the usability of security systems, such as user testing and metrics, Strategies for communicating security information to users in clear and effective ways, Social engineering attacks and how to design against them, Security in mobile and web-based systems. The course may also include hands-on activities such as conducting user research, usability testing and creating user interfaces that meet security requirements while still being easy to use.
Cybersecurity Risk Management:
A Cybersecurity Risk Management course typically covers identifying, assessing, and prioritising risks to an organisation’s information assets and developing strategies to mitigate or manage those risks. Topics that may be covered in such a course include Risk management frameworks and methodologies such as NIST, ISO 27001, and COBIT; risk assessment techniques and how to conduct a cybersecurity risk assessment; identifying and evaluating potential threats and vulnerabilities; assess the potential impact of cybersecurity incidents, Developing and implementing risk management plans, including incident response and business continuity planning, Compliance and regulatory requirements related to cybersecurity risk management, Cyber insurance and its role in risk management, Best practices and emerging trends in cybersecurity risk management. The course may also include hands-on activities such as conducting a risk assessment, developing a risk management plan, and simulating a cyber incident. It may also cover the latest threats, attack vectors and mitigation techniques to secure the organisation.
Cybersecurity Incident Management:
A Cybersecurity Incident Management course typically covers identifying, responding to, and recovering from cybersecurity incidents. Topics that may be covered in such a course include Incident response planning and team management; identifying and responding to different types of cybersecurity incidents such as malware, phishing, and data breaches; containment, eradication, and recovery techniques; digital forensics and incident investigation, Communication and reporting during an incident, Compliance and regulatory requirements related to incident management, Best practices and emerging trends in incident management, Conducting incident response exercises and tabletop exercises. In addition, the course may include hands-on activities such as simulating a cybersecurity incident, practising incident response procedures, and conducting a post-incident review. It may also cover the latest threats, attack vectors, and mitigation techniques to secure the organisation.
A Penetration Testing (Pen Testing) course typically covers simulating a cyber-attack on a computer system, network, or web application to evaluate the system’s security. Topics that may be covered in such a course include: Types of penetration testing such as external, internal, web application, and wireless testing; Information gathering and reconnaissance techniques; Vulnerability scanning and analysis; Exploitation techniques and tools; Post-exploitation activities such as privilege escalation and data exfiltration; Report writing and presenting the results to stakeholders; Compliance and regulatory requirements related to penetration testing; Best practices and emerging trends in penetration testing. The course may also include hands-on activities such as conducting a penetration test, using various tools and techniques and analysing the results. It may also cover the latest threats, attack vectors, and mitigation techniques.
Cyber Security Project:
A Cybersecurity Project can refer to a wide range of initiatives that aim to improve the security of an organisation’s information systems and assets. Cybersecurity projects can vary in scope, duration, and complexity depending on the organisation’s specific needs and resources. For example, a project may include multiple phases: planning, design, implementation, testing, and maintenance. It may also require the involvement of various teams within the organisation, such as IT, security, legal, compliance and other departments.
There are a variety of cyber security project topics that could be suitable for diploma-level students, depending on the focus of their program and their interests. Here are a few examples:
It is important to note that those topics are examples. The student should consult with their instructor or supervisor to ensure that the case aligns with the curriculum and is feasible within the time frame of the diploma program.