Transcription

2016 SuiteCambridge TECHNICALS LEVEL 3ITUnit 3Cyber securityY/507/5001Guided learning hours: 60Version 3 - revised September 2016ocr.org.uk/it

Version 3: Issued September 2016First teaching September 2016LEVEL 3UNIT 3: Cyber securityY/507/5001Guided learning hours: 60Essential resources required for this unit: noneThis unit is externally assessed by an OCR set and marked examination.UNIT AIMThe need for secure digital systems is more crucial than ever before. We rely oncomputerised systems and networks to collect, process, store and transfer vast amountsof data and to control critical systems such as water and power supplies. Business and ecommerce can be undertaken twenty four hours a day, seven days a week andtelecommunications enable us to keep in touch with family and friends and collaborate withcolleagues at any time. Mobile devices offer us freedom and flexibility of where and howwe learn and work. However, for all the advantages that these systems offer us, somepeople have found ways to exploit them and this poses a threat to our safety and securityin the real world, as much as in the cyber world. To deal with this problem the cybersecurity industry is expanding at a rapid rate.This unit has been designed to enable you to gain knowledge and understanding of therange of threats, vulnerabilities and risks that impact on both individuals and organisations.You will learn about the solutions that can be used to prevent or deal with cyber securityincidents resulting from these challenges. You will be able to apply your knowledge andunderstanding of cyber security issues and solutions by reviewing and makingrecommendations for ways to best protect digital systems and information.Learning within this unit will also support the delivery of the Cisco Cyber Security andCompTIA A , CompTIA Security , CompTIA Mobility qualifications. The unit also makesreference to UK government cyber security initiatives, for example, the UK government’sThe UK Cyber Security Strategy, Cyber Essentials Scheme, 10 Steps Strategy, and CyberStreetwise. OCR 20162Unit 3: Cyber security

Version 3: Issued September 2016First teaching September 2016TEACHING CONTENTThe teaching content in every unit states what has to be taught to ensure that learners are able to access the highest grades.Anything which follows an i.e. details what must be taught as part of that area of content. Anything which follows an e.g. is illustrative.For externally assessed units, where the content contains i.e. and e.g. under specific areas of content, the following rules will be adhered to when we setquestions for an exam: a direct question may be asked about unit content which follows an i.e. where unit content is shown as an e.g. a direct question will not be asked about that example.Learners are expected to keep up-to-date with the latest developments, innovations and new approaches in cyber security when acquiring knowledge andunderstanding of this unit content.ExemplificationLearning outcomesTeaching contentThe Learner will:Learners must be taught:1. Understand what is meantby cyber security1.1 Cyber security aims to protect information, i.e.: confidentiality integrity availability1.2 Types of cyber security incidents, i.e.:unauthorised access including hacking, escalationof privileges information disclosure including personalinformation, government information modification of data inaccessible data including account lockout, denialof service destruction including using malware, deliberateerasure theft including identity, finance, military secrets OCR 20163Learners should know what is meant by the term cybersecurity. They should know about digital systems andunderstand why the information stored on them needs tobe kept secure at all times.Leaners should know about the types and nature ofcyber security incidents that affect individuals, states andorganisations.Unit 3: Cyber security

Version 3: Issued September 2016First teaching September 2016Learning outcomesTeaching contentThe Learner will:Learners must be taught:Exemplification1.3 The importance of cyber security, i.e.: the need to protect personal data (e.g. health,financial, national insurance) the need to protect an organisation’s data (e.g.financial, research, development plans) the need to protect a state’s data (e.g. economicdata, national security)2. Understand the issuessurrounding cyber security2.1 Threats to cyber security, i.e. vulnerabilitieso system attackso physical threatso environmental accidental intentional organised crime state sponsoredLearners should know about the wide range of threats tocyber security including those threats that are accidentalor intentional.Learners should know about the types of attacker, theircharacteristics and their motivations.2.2 Types of attackers, i.e.: hacktivist cyber-criminal insider script kiddie vulnerability broker scammers phishers cyber-terrorists characteristics including age, location, social group2.3 Motivation for attackers, i.e.: espionage righting perceived wrongs OCR 20164Unit 3: Cyber security

Version 3: Issued September 2016First teaching September 2016Learning outcomesTeaching contentThe Learner will:Learners must be taught: Exemplificationpublicityfraudscore settlingpublic goodthrillincome generation2.4 Targets for cyber security threats, i.e.: people organisations equipment information methods that can be used during an attack2.5 Impacts of cyber security incidents, i.e.: global problem, individuals, organisations andstates loss including confidentiality, integrity, availability,data, finance, business, identity, reputation,customer confidence disruption including people’s lives, business,industry, transport, industry, the media, utilities safety including identity theft, oil installations, trafficcontrol2.6 Other considerations of cyber security, i.e.: ethical legal operational implications for stakeholders OCR 20165Learner should know about the different targets for cybersecurity threats and how these threats might manifestthemselves.This should lead to an understanding of the possibleimpacts from cyber security incidents and how theseaffect different stakeholders in a variety of different ways.Learners should know about other cyber securityconsiderations.This should lead to an understanding of the implicationsfor different stakeholders in this wider context.Learners should be aware of the latest or most up-toUnit 3: Cyber security

Version 3: Issued September 2016First teaching September 2016Learning outcomesTeaching contentThe Learner will:Learners must be taught:Exemplificationdate versions of legislation3. Understand measures usedto protect against cybersecurity incidents3.1 Cyber security risk management, i.e.: identify assets and analyse risks mitigate risks by:o testing for potential vulnerabilities monitoring and controlling systems protect vulnerabilities cost/benefit3.2 Testing and monitoring measures, i.e.: vulnerability testing including penetration testing,fuzzing, security functionality, sandboxing intrusion detection systems (IDS) including networkintrusion detection systems (NIDS), host intrusiondetection systems (HIDS), distributed intrusiondetection system (DIDS), anomaly-based,signature-based, honeypots intrusion prevention systems (IPS) emerging technologies effectiveness3.3 Cyber security controls (access controls), i.e.: physical including biometric access, swipe cards,alarms hardware including cable locks, safes software including firewalls, anti-malware, operatingsystem updates, patch management data including in use, at rest, in-transit, in the cloud encryption including disks, databases, files,removable media, mobile devices cryptography OCR 20166Learners should know about the various measures thatshould be taken to manage cyber security.This should lead to an understanding of, and justificationfor, different measures that can be taken in a givencontext.Learners should know about different testing andmonitoring measures that can be used to test forvulnerabilities.This should lead to an understanding and justification ofthe effectiveness of different measures in a givencontext.Learners should know about the different securitycontrols and their characteristics.This should lead to an understanding and justification ofthe effectiveness of different controls in a given context.Unit 3: Cyber security

Version 3: Issued September 2016First teaching September 2016Learning outcomesTeaching contentThe Learner will:Learners must be taught: 4. Understand how to managecyber security incidents. OCR 2016Exemplificationdevices including. hard drives, external drives,USBsprocedures including access management, databackup, remote working, device management, useraccounts and permissions, awareness and trainingemerging technologiescharacteristics4.1 Responding to an incident, i.e.: know responsibilities know who to contact know procedures know the extent of the incident contain the incident eradicate the incident reduce the impact of the incident recover from the incident confirm the system is functioning normallyLearners should know about different procedures thatshould be followed in the event of a cyber securityincident. This may include conducting investigations orbeing subject to an investigation.4.2 Cyber security incident report, i.e.: incident title and date of incident target of the incident incident category, i.e.:o criticalo significanto minoro negligible description of the incident type of attacker(s) purpose of incident techniques used by the attacker(s) capability of attacker(s)Learners should know the various stages of investigationthat should be undertaken should a cyber securityincident occur.7This should lead into an understanding and justificationof why certain procedures should be taken in a givencontext.This should lead to an understanding of, and justificationfor decisions that must be taken in a given context.It is possible learners will be asked to complete sectionsof a cyber security report as part of the examination forthis unit.Unit 3: Cyber security

Version 3: Issued September 2016First teaching September 2016Learning outcomesTeaching contentThe Learner will:Learners must be taught: Exemplificationimpact of the incident on business, data, recoverytimecost of the incidentresponses neededfuture managemento review (of incident)o evaluation to include identification of trendso update of documentation, key information,procedures and controlso recommendations of changesLEARNING OUTCOME (LO) WEIGHTINGSEach learning outcome in this unit has been given a percentage weighting. This reflects the size and demand of the content you need to cover and itscontribution to the overall understanding of this unit. See table below:LO15-15%LO235-45%LO320-30%LO410-20% OCR 20168Unit 3: Cyber security

Version 3: Issued September 2016First teaching September 2016ASSESSMENT GUIDANCEAll LOs are assessed through externally set written examination papers, worth a maximum of 60, marks and 1 hour in duration.Learners should study the meaning of cyber security and gain an understanding of its overall purpose. They should study the wide variety of issuessurrounding cyber security and the measures that are used to protect against cyber security incidents. Breaches in cyber security can cause serious issuesto individuals and organisations and, therefore, learners should have a good understanding of how to manage cyber security incidents.Exam papers for this unit will include a pre-released case study. The paper will include questions associated with the pre-released case study as well asquestions to demonstrate a more general understanding of the subject. Questions will provide sufficient information to support the application andinterpretation of the taught content of the unit. During the external assessment, learners will be expected to demonstrate their understanding throughquestions that require the skills of analysis and evaluation in particular contexts.Some providers for the industry qualifications offer quizzes, tests and assessments. Reference to these websites may support knowledge and ITY SKILLSEmployability skillsCommunicationCritical thinkingDecision making OCR 2016Learning outcomeLO4LO1, LO2, LO3, LO4LO1, LO2, LO3, LO49Unit 3: Cyber security

Version 3: Issued September 2016First teaching September 2016MEANINGFUL EMPLOYER INVOLVEMENT - a requirement for the Diploma (Tech Level) qualificationsThe ‘Diploma’ qualifications have been designed to be recognised as Tech Levels in performance tables in England. It is a requirement of thesequalifications for centres to secure for every learner employer involvement through delivery and/or assessment of these qualifications.The minimum amount of employer involvement must relate to at least one or more of the elements of the mandatory content. This unit is a mandatory unit inall specialist pathways in the Level 3 Cambridge Technical Diploma in IT (720 GLH) and the Level 3 Cambridge Technical Extended Diploma in IT (1080GLH).Eligible activities and suggestions/ideas that may help you in securing meaningful employer involvement for this unit are given in the table below.Please refer to the Qualification Handbook for further information including a list of activities that are not considered to meet this requirement.Meaningful employer involvement1. Learners undertake structured work-experience or workplacements that develop skills and knowledge relevant tothe qualification.Suggestion/ideas for centres when delivering this unitAs part of a learners work experience they could find out what procedures thebusiness has in place to manage cyber security incidents and how thebusiness protects itself against cyber security incidents (LO3/LO4)3. Learners take one or more units delivered or co-delivered byan industry practitioner(s). This could take the form ofmaster classes or guest lectures.An Industry Practitioner could be used to present a guest lecture on how theymanage cyber security in their company (LO3). OCR 201610Unit 3: Cyber security

To find out moreocr.org.uk/itor call our Customer Contact Centre on 02476 851509Alternatively, you can email us on [email protected] Cambridge and RSAOCR is part of Cambridge Assessment, a department of the University of Cambridge.For staff training purposes and as part of our quality assurance programme your call may be recorded or monitored. OCR 2015 Oxford Cambridge and RSAExaminations is a Company Limited by Guarantee. Registered in England. Registered office 1 Hills Road, Cambridge CB1 2EU. Registered company number 3484466.OCR is an exempt charity.

Learning within this unit will also support the delivery of the Cisco Cyber Security and CompTIA A , CompTIA Security , CompTIA Mobility qualifications. The unit also makes reference to UK government cyber security initiatives, for example, the UK government's The UK Cyber Security Strategy, Cyber Essentials Scheme, 10 Steps Strategy, and Cyber