Defensive Security 1 
Section I: Administrative Information
  Total hours: 42.0
Credit Value: 3.0
Credit Value Notes: N/A
Effective: Fall 2022
Prerequisites: INFO70240
Corequisites: N/A
Equivalents: N/A
Pre/Co/Equiv Notes: N/A

Program(s): Cyber Security - Defensive
Program Coordinator(s): N/A
Course Leader or Contact: N/A
Version: 20220906_00
Status: Approved (APPR)

Section I Notes: Access to course materials and assignments will be available on Sheridan's Learning and Teaching Environment (SLATE). Students will need reliable access to a computer and the internet.

Section II: Course Details

Detailed Description
In this course, students will explore and apply the concepts of cyber security risks, threats, attack vectors, and incident response fundamentals. Students will perform log capturing and analysis using security information event management (SIEM). Students will implement malware analysis using various open-source tools and will be able to explain and show how to collect evidence from various technology systems for testing. From real-life incident scenarios, students will also learn how to drive incident response processes to contain cyber security attacks. By the end of this course, students will be positioned to adopt advanced security practices and proactive approaches to minimize risk and reduce attack surfaces in their businesses and companies.

Program Context

Cyber Security - Defensive Program Coordinator(s): N/A
Micro-Credential: Cybersecurity - Defensive Security

Course Critical Performance and Learning Outcomes

  Critical Performance:
By the end of this course, students will be able to understand and execute the processes, skills, and tools of incident response and will be able to respond to, contain, and remediate cyberattacks.
Learning Outcomes:

To achieve the critical performance, students will have demonstrated the ability to:

  1. Using security information event management (SIEM), list the components of an incident response program, including attack vector analysis, incident response fundamentals, management strategies, processes, and playbooks to detect and respond to a cyber incident.
  2. Identify the roles and duties within Security Operations (SecOps), appraise the need to gather security metrics, and produce analysis and reports from them.
  3. Conduct digital forensics, illustrating the rules of evidence and chain of custody, evidence collection, handling, and dissemination.
  4. Conduct malware analysis using open-source tools and open-source intelligence (OSINT).
  5. Respond to, contain, and remediate cyber-attacks, with the help of analysis of sample real-life cyber incidents.
  6. Showcase opportunities for refining the incident response process, conduct post-mortem and lessons-learned activities, and adapt to a zero trust model.

Evaluation Plan
Students demonstrate their learning in the following ways:

 Evaluation Plan: ONLINE
 Assignment 1: 15.0%
 Assignment 2: 15.0%
 Mid-Term Exam: 20.0%
 Assignment 3: 15.0%
 Assignment 4: 15.0%
 Final Exam: 20.0%

Evaluation Notes and Academic Missed Work Procedure:
TEST AND ASSIGNMENT PROTOCOL
The following protocol applies to every course offered by Continuing and Professional Studies.
  1. Students are responsible for staying abreast of test dates and times, as well as due dates and any special instructions for submitting assignments and projects as supplied to the class by the instructor.
  2. Students must write all tests at the specified date and time. Missed tests, in-class/online activities, assignments and presentations are awarded a mark of zero. The penalty for late submission of written assignments is a loss of 10% per day for up to five business days (excluding Sundays and statutory holidays), after which a grade of zero is assigned. Business days include any day that the college is open for business, whether the student has scheduled classes that day or not. An extension or make-up opportunity may be approved by the instructor at his or her discretion.

Provincial Context
The course meets the following Ministry of Colleges and Universities requirements:


Essential Employability Skills
Essential Employability Skills emphasized in the course:

  • Communication Skills - Communicate clearly, concisely and correctly in the written, spoken, visual form that fulfills the purpose and meets the needs of the audience.
  • Critical Thinking & Problem Solving Skills - Use a variety of thinking skills to anticipate and solve problems.
  • Information Management - Locate, select, organize and document information using appropriate technology and information systems.
  • Personal Skills - Manage the use of time and other resources to complete projects.

Prior Learning Assessment and Recognition
PLAR Contact (if course is PLAR-eligible) - Office of the Registrar

  • Not Eligible for PLAR

Section III: Topical Outline
Some details of this outline may change as a result of circumstances such as weather cancellations, College and student activities, and class timetabling.
Instruction Mode: Online
Professor: N/A
Required Textbook: Applied Incident Response, Steve Anson, Wiley, ISBN 9781119560265, 2020
Required Textbook: Digital Forensics and Incident Response, Gerard Johansen, Packt Publishing / O'Reilly, Second Edition, ISBN 9781838649005, 2020
Optional Website: Blue Teams Academy Training

Applicable student group(s): FCAPS - Cyber Security Defensive Micro-credential
Course Details:

Module 1: Introduction to Defensive Security
  • Cyber security risk
  • CIA triad
  • Types of controls
  • Definition of incident
  • ATT&CK and D3FEND matrices
  (Incident response playbook – 15%)

Module 2: Cyber Security and Incident Response
  • Continuous monitoring
  • SIEM and end-to-end detection
  (SIEM report – 15%)

Module 3: Digital Forensics
  • Chain of custody and admissibility
  • Evidence collecting
  • Enriching digital forensics
  • Aggregating data from multiple systems
  (Mid-term exam – 20%)

Module 4: Malware Analysis
  • What is it and why is it relevant?
  • How to conduct malware analysis
  • OSINT and community intelligence gathering
  (Malware analysis – 15%)

Module 5: Incident Response Handling
  • End-to-end process
  • Real-life incidents and simulations
  • Incident response reports
  (Incident response report – 15%)

Module 6: Learning from Incident Responses
  • Post-mortem analysis
  • Zero trust model
  • Attack surface reduction and improvement
  (Final exam – 20%)


Sheridan Policies

All Sheridan policies can be viewed on the Sheridan policy website.

Academic Integrity: The principle of academic integrity requires that all work submitted for evaluation and course credit be the original, unassisted work of the student. Cheating or plagiarism including borrowing, copying, purchasing or collaborating on work, except for group projects arranged and approved by the professor, or otherwise submitting work that is not the student's own, violates this principle and will not be tolerated. Students who have any questions regarding whether or not specific circumstances involve a breach of academic integrity are advised to review the Academic Integrity Policy and procedure and/or discuss them with the professor.

Copyright: A majority of the course lectures and materials provided in class and posted in SLATE are protected by copyright. Use of these materials must comply with the Acceptable Use Policy, Use of Copyright Protected Work Policy and Student Code of Conduct. Students may use, copy and share these materials for learning and/or research purposes provided that the use complies with fair dealing or an exception in the Copyright Act. Permission from the rights holder would be necessary otherwise. Please note that it is prohibited to reproduce and/or post a work that is not your own on third-party commercial websites including but not limited to Course Hero or OneNote. It is also prohibited to reproduce and/or post a work that is not your own or your own work with the intent to assist others in cheating on third-party commercial websites including but not limited to Course Hero or OneNote.

Intellectual Property: Sheridan's Intellectual Property Policy generally applies such that students own their own work. Please be advised that students working with external research and/or industry collaborators may be asked to sign agreements that waive or modify their IP rights. Please refer to Sheridan's IP Policy and Procedure.

Respectful Behaviour: Sheridan is committed to providing a learning environment that supports academic achievement by respecting the dignity, self-esteem and fair treatment of every person engaged in the learning process. Behaviour which is inconsistent with this principle will not be tolerated. Details of Sheridan's policy on Harassment and Discrimination, Academic Integrity and other academic policies are available on the Sheridan policy website.

Accessible Learning: Accessible Learning coordinates academic accommodations for students with disabilities. For more information or to register, please see the Accessible Learning website. (Statement added September 2016)

Course Outline Changes: The information contained in this Course Outline including but not limited to faculty and program information and course description is subject to change without notice. Any changes to course curriculum and/or assessment shall adhere to approved Sheridan protocol. Nothing in this Course Outline should be viewed as a representation, offer and/or warranty. Students are responsible for reading the Important Notice and Disclaimer which applies to Programs and Courses.


Copyright © Sheridan College. All rights reserved.