This module equips students with the skills needed to monitor and manage security systems effectively within an organizational context. By the end of the module, students will have a thorough understanding of security monitoring and administration, including why overseeing network and system performance matters, how potential threats are identified, and how access to systems and resources is secured. Key learning outcomes are the ability to explain the significance of security monitoring, to monitor system and network performance, to detect and address threats, and to ensure proper access control.
The module covers several aspects of monitoring: system health, logs, network flows, and packets. It addresses privileged access monitoring, continuous monitoring for anomaly detection, and compliance monitoring. Students will also learn about centralized logging and monitoring, and how to recognize false positives and false negatives. The module introduces monitoring tools and technologies such as Nagios, Wireshark, SNMP, NetFlow, and QFlow. It also covers change request management and incident identification and classification, preparing students to handle real-world security challenges effectively.