Unit 10 Cyber Security Assignment Brief 2026
| Qualification | Pearson BTEC Levels 4 and 5 Higher Nationals in Computing |
| Unit Number | 10 |
| Unit Title | Cyber Security |
| Unit code | M/618/5661 |
| Unit type | Core |
| Unit level | 4 |
| Credit value | 15 |
Introduction
Digital technologies provide an opportunity for malicious hackers and cyberterrorists to exploit individuals, government, institutions and large organisations. Defending against cyber-attacks, including insider threats, is a priority within the digital technologies sector. Cybercrime techniques and attack vectors are fast-growing, taking advantage of the speed, anonymity and convenience of the internet as a facilitator for malicious and criminal activity.
This unit has been designed to develop students’ knowledge and understanding in relation to cyber threats and vulnerabilities, cyber defence techniques and incident response. Students will explore fundamental principles as well as leading-edge concepts, terminologies, models, and hardening methods. Students will assess the types of malicious activity and potential targets, and the role everyone has for maintaining cyber resilience.
On successful completion of the unit, students will have explored the nature of cybercrime and cyber threat actors; looked into the roles and responsibilities in relation to information assurance; assessed the threats to, and vulnerabilities in, ICT infrastructure; and investigated strategic responses to cyber security threats.
Learning Outcomes
By the end of this unit, students will be able to:
LO1 Explore the nature of cybercrime and cyber threat actors
LO2 Investigate cyber security threats and hazards
LO3 Examine the effectiveness of information assurance concepts applied to ICT infrastructure
LO4 Investigate incident response methods to cyber security threats.
Essential Content
LO1 Explore the nature of cybercrime and cyber threat actors
Cyber security – the importance to business and society:
Business and society reliance on technology.
Why technology is a target for cybercrime.
Use of technology in business and society, e.g. email correspondence, financial transactions, networking, collaborative work documents, global modes/means of communication.
Impact of cyber security on protecting business and society.
Risks of not educating end users in security measures with regular updates to users.
Key definitions:
Cybercrime, cyber security, malicious cyber activity, hacker, malware, phishing, cyber resilience.
Cyber threat actors:
For example, cyber terrorists, government-sponsored/state-sponsored actors, organised crime/cybercriminals, ‘hacktivists’, insiders, internal user errors.
Targets:
For example, critical national infrastructure, mainframes, data centres, mobile phones, consumers, individuals, business, websites.
The categorisation of activity:
Active attacks attempt to alter system resources.
Passive attacks attempt to learn or make use of information from the system without affecting the integrity of targeted systems, e.g. wiretapping.
Attacks can be initiated from inside or outside the perimeters.
Digital systems as ‘target’, e.g. viruses, attacks against hardware and software, malware, ransomware, hacking, distributed denial of service attacks, e.g. malware, mail bombing, pagejacking.
Digital systems as a ‘tool’, e.g. cyber-enabled crimes, crimes against children, financial crimes, e.g. fraud, identity theft, information warfare, phishing, spam, propagation of obscene or offensive content.
LO2 Investigate cyber security threats and hazards
Threats and hazards:
Types of threats and hazards to a system, service, process, e.g. cybercriminals, organised crime groups, states and state-sponsored activity, terrorists, ‘hacktivists’, script kiddies, insiders (knowing and accidental).
Threat behaviour.
Missing data encryption.
Global threat landscape.
Individual and business fraud, extortion, trolling, racketeering, illegal sales, embezzlement, cyberstalking, cyber terrorism, industrial espionage, prostitution, gambling, suicide assistance.
Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks.
Man-in-the-middle (MitM) attacks.
Phishing and spear phishing attacks.
Drive-by attacks.
Password attacks; brute-force, factorying etc.
SQL injection attacks.
Cross-site scripting (XSS) attacks.
Eavesdropping attacks.
Advanced Persistent Threats (APTs).
Hazards and sources of potential damage, harm, adverse effect, e.g. life, political, military, organisational, critical infrastructure, economy, social group, technology, environmental, legal.
Cyber threat intelligence (CTI):
Importance of threat intelligence.
CTI types, including tactical, operational, strategic.
Evidence-based CTI.
Attribution and signs of accountability.
Risk of not acting on intelligence.
Acting on threat intelligence.
Emerging threats:
Horizon scanning, e.g. increased dependency on technology, increased use of robots, quantum technologies, low-orbiting satellites, Internet of Things (IoT), increased threats from developing countries as computer literacy increases.
LO3 Examine the effectiveness of information assurance concepts applied to ICT infrastructure
Information assurance and governance concepts:
Assurance, trustworthy vs trusted, user awareness of security requirements.
Achieving assurance in practice, e.g. penetration testing and contribution to assurance, extrinsic assurance methods.
Definitions and Information Architecture (IA) principles, data, information and IT governance, Information Governance (IG) roles and responsibilities.
Accountability, legal and regulatory applicability and requirements.
Recovery, IG strategic planning and best practices, IG policy development, IG business consideration and legal functions.
IG standardisation and accepted practices, IG auditing and enforcement, monitoring.
Records management and inventorying, IT and data governance frameworks.
IG in the cloud, social media and mobile devices, maintain an IG programme (challenges and opportunities).
ICT infrastructure:
ICT infrastructure, e.g. fundamental building blocks and typical architectures.
Common vulnerabilities in networks and systems.
Hardware, storage, routers/switches, application software, operating systems.
Traditional, cloud or hyper converged IT Infrastructure.
IoT, IIoT and IoMT.
LO4 Investigate incident response methods to cyber security threats
Standards:
International Organization for Standardisation (ISO) e.g. ISO/IEC 27001 Information Security Management, ISO/IEC 27002:2013.
Information technology security techniques, code of practice for information security controls.
Encryption standards, including AES – Advanced Encryption Standard, RSA – Rivest Shamir Adleman, 3DEA – Triple Data Encryption Algorithm, PGP – Pretty Good Privacy, common international encryption laws and policies, e.g. General Right of Encryption, Mandatory Minimum or Maximum Encryption Strength, Licensing/Regulation Requirements, Import/Export Controls, Obligations on Providers to Assist Authorities, Obligations on Individuals to Assist Authorities.
Legislation:
UK specific laws and policies, e.g. Electronic Communications Act (2000), Electronic Signatures Regulations (2002), Wassenaar Arrangement (1996), Regulation of Investigatory Powers Act (2016), International Traffic in Arms Regulations (ITAR), disclosure laws, e.g. Public Interest Disclosure Act (1998), Freedom of Information Act (2000), Data Protection Act (2018), General Data Protection Regulation (GDPR) (2016), Computer Misuse Act (1990), The Serious Crime Act (2015), Police and Justice Act (2006), Terrorism Act (2000), Human Rights Act (1998), Digital Economy Act (2017), Extradition Act (2003), Crime and Courts Act (2013) (to prevent extradition), Interception of Communication Act (1985).
Incident response methodology:
Preparation, Detection and Analysis, Containment, Eradication, and Recovery.
Developing a containment strategy, identifying and mitigating the hosts and systems under attack, and having a plan for recovery.
Post-incident activity.
The principles and elements of incident management.
Guidelines for incident responders and computer forensic investigations, together with legal aspects and relevant laws.
Intrusion detection and response methods.
Cryptography:
Contemporary use of cryptography, e.g. data encryption in storage, in usage and in transit (disks, network), data hashing (verification of origin, passwords, look-up tables, software verification, MD5).
Future trends in cryptography, e.g. blowfish, twofish, honey encryption, quantum key distribution.
Asymmetric and symmetric cryptography.
Organisations:
Organisations involved in preventing cyber security threats, e.g. National Cyber Security Centre (NCSC), police, National Crime Agency (NCA), National Cybercrime Unit (NCCU), Military Cyber Security Operations Centre (MCSOC), Regional Organised Crime Units (ROCUs).
Learning Outcomes and Assessment Criteria
| Pass | Merit | Distinction |
| LO1 Explore the nature of cybercrime and cyber threat actors | | LO1 and LO2 |
| P1 Review types of malicious and/or criminal cyber activity. P2 Investigate the potential targets of cybercrime. | M1 Analyse the concept of digital systems as ‘targets’ and ‘tools’ as related to cyber security, giving real-world examples. | D1 Evaluate types of malicious cyber activity and the action that can be taken to neutralise cyber threat actors. |
| LO2 Investigate cyber security threats and hazards | | |
| P3 Describe security threats and hazards to a system or service or process. P4 Investigate common attack techniques and recommend how to defend against them. | M2 Assess the role of threat intelligence when defending against common attack techniques. | |
| LO3 Examine the effectiveness of information assurance concepts applied to ICT infrastructure | | LO3 and LO4 |
| P5 Explore how information assurance concepts can mitigate threats and vulnerabilities in ICT infrastructure, giving examples. | M3 Assess how information assurance could enhance the cyber resilience of ICT infrastructure. | D2 Evaluate the responses that have been implemented by different organisations in response to cyber security threats. |
| LO4 Investigate incident response methods to cyber security threats | | |
| P6 Describe security standards, regulations and their consequences across at least two sectors. P7 Investigate the types of response that have been implemented in response to cyber security threats. | M4 Analyse the role of criminal and other law in deterring cybercrime. | |
Recommended Resources
Textbooks
Amoroso, E. and Amoroso, M. (2017) From CIA to APT: An Introduction to Cyber Security. New York: Independently published.
Gillespie, A. A. (2015) Cybercrime. Oxon: Routledge.
Grabosky, P. (2015) Cybercrime (Keynotes Criminology & Criminal Justice). New York: Oxford University Press.
Stevens, T. (2015) Cyber Security and the Politics of Time. Cambridge: Cambridge University Press.
Sutton, D. (2017) Cyber Security: A practitioner’s guide. Swindon: BCS, The Chartered Institute for IT.
Web
interpol.int
Interpol crime areas, cybercrime (General Reference)
nationalcrimeagency.gov.uk
National Crime Agency – crime threats, cybercrime (General Reference)
ncsc.gov.uk
National Cyber Security Centre (General Reference)
Links
This unit links to the following related units:
Unit 5: Security
Unit 30: Applied Cryptography in the Cloud.