
Security Operations

Code: CC4081     Acronym: CC4081     Level: 400

Keywords

Classification: OFICIAL
Keyword: Computer Science

Instance: 2023/2024 - 1S

Active? Yes
Responsible unit: Department of Computer Science
Course/CS Responsible: Master in Information Security

Cycles of Study/Courses

Acronym: M:SI
No. of students: 22
Study plan: Study plan since 2020/2021
Curricular years: 1
Credits UCN: -
Credits ECTS: 6
Contact hours: 42
Total time: 162

Teaching language

Suitable for English-speaking students

Objectives

Security operations are unavoidable in any mid- to large-sized organization, either through internal security operations centers or through outsourcing, and this course covers the specifics of how security operations centers work. The students are expected to acquire a thorough understanding of the major organizational aspects of an operations center, of the information system architectures used currently in security operations centers, and of challenges and future approaches for security operations centers.

Learning outcomes and competences

At the end of this course the student should be able to:
1) understand the organizational structure of a security operations center and be familiar with the different security strategies that can be implemented;
2) define an information systems architecture for the security operations center of a given organization and be aware of the different options for the components of such an architecture;
3) assimilate the new concepts and advanced topics that constantly emerge in the area of security operations.

Working method

In person

Program

1. Organizational structure of security operations:
  • Security Operations Center (SOC)
  • Functions and objectives of the SOC
  • Positioning within the organization
  • Comparison with other operations centers

2. Security operations strategy:
  • Attacker tactics, techniques and procedures (TTP)
  • Incident response, asset prioritization

3. Information system architecture of a SOC:
  • Collection of usage records of services and applications
  • Open-source intelligence (OSINT)
  • Active vulnerability search; SIEM event representation
  • Information sharing with MISP

4. Advanced topics in security operations:
  • Data selection and choice of sensor positioning
  • Automation of security operations

Mandatory literature

Nathans, D. (2014). Designing and Building a Security Operations Center (1st ed.). ISBN 978-0-128-00899-7
Zimmerman, C. (2014). Ten Strategies of a World-Class Cybersecurity Operations Center. MITRE Corporation. ISBN 978-0-692-24310-7

Teaching methods and learning activities

The teaching methodology is based on:
1) discussion of the organizational and architectural concepts of a SOC, as well as advanced topics in security operations, case studies, and research of information available on the Internet;
2) specification, development, testing, and performance characterization of components and parts of a SOC architecture using the technologies and concepts discussed in the course unit (UC).

Evaluation Type

Distributed evaluation with final exam

Assessment Components

Designation | Weight (%)
Exam | 60.00
Practical or project work | 40.00
Total | 100.00

Amount of time allocated to each course unit

Designation | Time (hours)
Autonomous study | 40.00
Class attendance | 56.00
Laboratory work | 66.00
Total | 162.00

Eligibility for exams

Pass thresholds

  • Lab project > 9.5

Calculation formula of final grade

if Exam < 9.5: Final Classification = not approved
if Exam >= 9.5: Final Classification = 0.4 PL + 0.6 ET

where PL is the lab project grade and ET is the final exam grade.
Copyright 1996-2025 © Faculdade de Ciências da Universidade do Porto
Page created on: 2025-06-21 at 08:20:40