====== Cyber Security Technical Professional (integrated degree) from September 2020 ======

===== NCSC Provisionally Certified Degree Apprenticeship =====
[[https://www.ncsc.gov.uk/information/ncsc-certified-degrees| Link to NCSC]]

{{:cyberdegree:tig.png?200|}} {{:cyberdegree:techpart.png?200|}}
=== The degree meets the digital apprenticeship standard set by the Institute for Apprenticeships and Technical Education ===

It has 2 major components:
  * A full BSc Honours degree - awarded by our partner, the University of the West of England (UWE)
  * A Programme of work based training to develop professional skills and behaviours

Both parts must be achieved to be awarded the qualification


[[https://www.instituteforapprenticeships.org/apprenticeship-standards/cyber-security-technical-professional-integrated-degree/|The standard]]

==== Your Learner Journey ====
The Learner Journey covers the sequencing of the modules you will study in your degree, along with the work you should plan to do between in-college block weeks to help you achieve your degree apprenticeship. 

The Golden Valley Development (Cyber Park) is attracting many businesses to the area around Gloucestershire College. We have developed the content of the degree program with this in mind, structuring the curriculum to build skills and experience in layers to produce apprentices who can make a real difference to local as well as global business. The Cyber Park is intended as the first facility of its kind in the UK to support the growth and development of new cyber security businesses, technology, research and skills. It will be the focal point for cyber security globally as the UK builds one of the world’s leading digital economies.

The curriculum is designed and sequenced around the 21 knowledge areas contained within the Cyber Security Body of Knowledge [[https://www.cybok.org/|CyBOK]], which is funded by the NCSC.  


=== Year 1 Modules ===

Year 1 has been designed to cover the foundations of computing. 

Apprentices will cover computing fundamentals such as number systems and representation within the system, machine code, operating system design, virtualisation, different programming languages for different purposes, full stack development, threats to the systems we build and manage, and how to design and implement networked systems. 

^Year^Module^Overview^Builds towards^
|1|[[Operating systems and architecture]]|This module introduces apprentices to the foundations ot beof computer systems architecture together with the integrated hardware and software components and subsystems that enable and allow data to be input, processed and output. Low level programming is used to illustrate the operation of the components. The module then explores the concepts of operating systems, virtualisation, hardware management and file systems. Apprentices will learn the basic concepts of how data is represented in digital systems, logic and storage components, machine organisation and assembler programming. They will then build on this knowledge to see how levels of abstraction are introduced via operating systems and virtualisation to produce usable systems.|Programming, Operating Systems & Defensive Programming, Embedded Systems Security, Final Project and Dissertation, and End Point Assessment|
| |[[Programming]]|This module introduces students to the core concepts of programming with an introduction to algorithms and the characteristics of programming paradigms. Appropriate programming languages will be chosen to illustrate the concepts. It is not the intent of this module to teach apprentices to become proficient programmers. If this is a requirement of their employment, then it will be the employer’s responsibility. Among the topics included in this module are: introduction to algorithms, procedural, object-orientated & event-driven programming, the integrated development environment and the debugging process. Development lifecycles and processes are covered along with code repositories and version management|Information Management and Security, Operating Systems & Defensive Programming, Final Project and Dissertation, and End Point Assessment|
| |[[Cyber threats]]|Security is one of the most important challenges modern organisations face. Security is about protecting organisational assets, including personnel, data, equipment and networks from attack through the use of prevention techniques in the form of vulnerability testing/security policies and detection techniques, exposing breaches in security and implementing effective responses. In order to provide protection, it is fundamental to understand the types of threats, their methods and means of attack. In this module you will explore the different types of threat and how they penetrate personal, physical, logical and procedural in securities.|Cryptography, Mathematics and Algorithms, Operating Systems & Defensive Programming, all Year 3 modules and End Point Assessment|
| |[[Networking]]|The aim of this unit is to provide apprentices with knowledge of computer networking essentials, how they operate, protocols, standards, security considerations and a range of networking technologies. It gives the apprentices the knowledge and skills that they need for the planning, designing, implementation and management of computer networks and understanding of the network infrastructure capabilities and limitations.|Information Management and Security, Operating Systems & Defensive Programming, Final Project and Dissertation, and End Point Assessment|

=== Year 2 Modules ===

Year 2 has been designed to help apprentices mitigate against the threats to the systems we learned to build in year 1. 

Modules cover how cryptography can be used to secure data and systems in real-world applications, how organisational Information Management Systems contribute towards securing the enterprise, how we can apple good practise security principles to computer systems, design software with security built-in and how we can secure the burgeoning IoT device landscape. 

^Year^Module^Overview^Builds towards^
|2|[[Cryptography, mathematics and algorithms]]|This module introduces apprentices to the theoretical principles of cryptography and looks at some practical applications, many of which are used on a daily basis. Apprentices are expected to investigate the inner workings of cryptographic systems and how to correctly use them in real-world applications. Apprentices are expected to explore the mathematical algorithms in relation to cryptography and their applications. Apprentices are also expected to analyse the symmetric encryption methods and ciphers, public key cryptography and the security issues related to their implementation. In addition, apprentices are expected to investigate advanced encryption protocols and their applications. The module covers some of the mathematical principles and theory that underpin computing.|The learning in this module underpins all remaining modules, Final Project and Dissertation and the End Point Assessment.|
| |[[Information management and security]]|Information security is concerned with protecting an organisations’ electronic or physical data. It should protect the confidentiality, availability and integrity of data. This module is concerned with the way in which electronic data is handled within the organisation. How it is made available, manipulated and analysed. It then examines how management systems are employed to minimise risk without impacting business productivity. The initial part of the module teaches apprentices the basic concepts of information management and how to use database management systems. The latter part covers the standards, policies and procedures for information security. These will cover human behaviour as well as physical and electronic assets.|Operating System Security and Defensive Programming, all Year 3 modules, Final Project and Dissertation, and End Point Assessment|
| |[[Operating system security and defensive programming]]|This module introduces apprentices to the tasks of operating systems such as controlling and allocating memory, prioritising system requests, controlling input and output devices, facilitating data networking and managing files, including security and protection. Apprentices will learn the concepts of security protection in operating systems, such as hierarchical protection domains, and how they are employed to resist malware threats. A design pattern is a description of how to solve a problem that can be used in many different situations and can help deepen the understanding of object-orientated programming and help improve software design and reusability. They can also be used for secure programming and apprentices will learn how to apply them along with other methods and tools.|Embedded Systems, All Year 3 Modules, Final Project and Dissertation, and End Point Assessment|
| |[[Embedded systems security]]|This module aims to provide apprentices with an in-depth appreciation of embedded devices and their security. An embedded system is a combination of processor, memory, I/O and the OS that forms a device. Embedded systems get infrequent or never get software updates. They are very many identical devices installed, often in critical facilities and systems. Because of this the devices must be made secure Delivery will cover modern system architecture, key technologies, and the security implications of implementing these technologies. In addition, essential low-level malware techniques will be examined.|Final Project and Dissertation, End Point Assessment|

=== Year 3 Modules ===

In year 3, we build upon the modules covered in Years 1 and 2 to learn how to manage Cyber Security for the enterprise as Cyber Security Professionals. Apprentices will learn how we design security systems incorporating software and hardware consideration, investigate further how we identify and manage risk, what measures and steps we can put in place to re-secure systems after a cyber breach before  moving on to their individual project and dissertation. 
 
^Year^Module^Overview^Builds towards^
|3|[[Security assurance and security case development]]|There are recognised IT security design principles which can be applied to IT systems and software. These include security architectures that incorporate hardware and software components. A security case should take these principles and architectures into account.|Final Project and Dissertation and the End Point Assessment| 
| |[[Risk and information management]]| Risk assessments are used to identify, estimate, and prioritize risk to organisational operations (i.e., mission, functions, image, finance and reputation), organisational assets, individuals and other organisations, resulting from the operation and use of information systems. In order to assess risk, the systems need to be explored for weaknesses, either technical or social. Reconnaissance methods emulate those of attackers.|Final Project and Dissertation and the End Point Assessment|
| |[[Cybersecurity incident management and professionalism]]|Managing security incidents requires a rigorous approach and may have to be performed in real time. There are defined processes with key stages. Apprentices will be instructed and practice incident management. As part of this modules they will also research and investigate the legal, ethical and regulatory requirements.|Final Project and Dissertation and the End Point Assessment|
| |[[Project and dissertation]]|There is no specific syllabus for this module as the project is an individual piece of work, exploring an idea from conception through to realisation. Nonetheless, elements of the project process are covered in a short lecture series at the start of the academic year. |Overall grade|

=== Year 4 EPA ===
^Year^Module^Overview^Builds towards^
|4|[[End point assessment (EPA]])|This is an integrated degree apprenticeship. The degree cannot be awarded unless the apprenticeship is passed and vice versa. The EPA contributes 10 credits towards the degree and must be completed within three months of the Gateway. The EPA starts after the Gateway has been passed. The Gateway requirements are that the employer confirms that the apprentice is ready for the EPA and has met the knowledge, skills and behaviour (KSBs) requirements set out in the occupational standard; and the apprentice has completed and passed all the modules in years 1-3 (350 credits) and the apprentice has passed Level 2 English and maths (if not already achieved); and the apprentice has produced a portfolio in relation to the KSBs for the Technical Discussion|Overall grade|

We may review the delivery order of modules based on feedback from employers and apprentices. 

The full Learner Journey for Cohort 1 can be found here: {{ :cyberdegree:cohort1lj.pdf |Cohort 1}}

The full Learner Journey for Cohort 2 can be found here:{{ :cyberdegree:cohort2lj.pdf |Cohort 2}}

The full Learner Journey for Cohort 3a and 3b can be found here:{{ :cyberdegree:cohort3lj2.pdf |Cohort 3}}

==== This apprenticeship has a duration of up to 48 months====
====(3 year knowledge program and 6 months for final work based projects and end point assessment entry)====

[[GeneralDegreeInfo|General information about the degree]] 

{{ :cyberdegree:cyberdegreeintro.pptx |Introduction and procedures for appeals and complaints}}




===== Module Schedules =====

==== Modules (Cohort 1 2020 start) ====


^Year^Module^Room^Block release dates^
|1|[[Operating systems and architecture]]|Glos|7/9/2020, 21/9/2020, 12/10/2020|
| |[[Networking]]|Glos|9/11/2020, 14/12/2020, 11/01/2021|
| |[[Cyber threats]]|Glos|08/02/2021, 08/03/2021, 12/04/2021|
| |[[Programming]]|Glos|10/05/2021, 14/06/2021, 28/06/2021|
|2|[[Cryptography, mathematics and algorithms]]|Chelt G128 & G126|06/09/2021, 20/09/2021, 11/10/2021|
| |[[Operating system security and defensive programming]]|Chelt G123|08/11/2021, 06/12/2021, 10/01/2022|
| |[[Information management and security]]|Chelt G128|07/02/2022, 07/03/2022, 11/04/2022|
| |[[Embedded systems security]]|Chelt G128|09/05/2022, 13/06/2022, 27/06/2022|
|3|[[Security assurance and security case development]]|Chelt G128|05/09/2022, 03/10/2022, 31/10/2022| 
| |[[Risk and information management]]|Chelt G128|28/11/2022, 16/01/2023, 13/02/2023|
| |[[Cybersecurity incident management and professionalism]]|Chelt G128|13/03/2023, 10/04/2023, 08/05/2023|
| |[[Project and dissertation]]|Chelt G128|05/06/2023|
|4|[[End point assessment (EPA]])|Chelt G127|Dates to be confirmed|

==== Modules (Cohort 2 2021 start) ====

^Year^Module^Room^Block release dates^
|1|[[Operating systems and architecture]]|Chelt G127|13/09/2021, 27/9/2021, 18/10/2021|
| |[[Networking]]|Chelt G127|15/11/2021, 13/12/2021, 17/01/2022|
| |[[Cyber threats]]|Chelt G128 & G126|14/02/2022, 14/03/2022, 19/04/2022|
| |[[Programming]]|Glos D101|16/05/2022, 20/06/2022, 04/07/2022|
|2|[[Cryptography, mathematics and algorithms]]|Chelt G127|05/09/2022, 26/09/2022, 17/10/2022|
| |[[Information management and security]]| Chelt G127|21/11/2022, 12/12/2022, 23/01/2023|
| |[[Operating system security and defensive programming]]|Chelt G127|20/02/2023, 13/03/2023, 03/04/2023|
| |[[Embedded systems security]]|Chelt G127|01/05/2023, 22/05/2023, 12/06/2023|
|3|[[Security assurance and security case development]]|Chelt G128|04/09/2023, 02/10/2023, 30/10/2023|
| |[[Risk and information management]]| Chelt G128|27/11/2023, 15/01/2024, 12/02/2024|
| |[[Cybersecurity incident management and professionalism]]| Chelt G128|18/03/2024, 08/04/2024, 29/04/2024|
| |[[Project and dissertation]]| Chelt G128|
|4|[[End point assessment (EPA]])| Chelt G128|

==== Modules (Cohort 3A 2022 start) ====

^Year^Module^Room^Block release dates^
|1|[[Operating systems and architecture]]|Chelt G126| 05/09/2022, 03/10/2022, 17/10/2022 |
| |[[Programming]]|Glos D101|14/11/2022, 05/12/2022, 23/01/2023|
| |[[Cyber threats]]|Chelt G126|20/02/2023, 06/03/2023, 03/04/2023|
| |[[Networking]]|Chelt G126|01/05/2023, 22/05/2023, 12/06/2023|
|2|[[Embedded systems security]]| TBC G127|04/09/2023, 25/09/2023, 16/10/2023|
| |[[Cryptography, mathematics and algorithms]]| TBC G126|13/11/2023, 04/12/2023, 08/01/2024|
| |[[Information management and security]]| TBC G127 & G128|05/02/2024, 04/03/2024, 08/04/2024|
| |[[Operating system security and defensive programming]]| TBC G127|29/04/2024, 20/05/2024, 17/06/2024|
|3|[[Security assurance and security case development]]|
| |[[Risk and information management]]|
| |[[Cybersecurity incident management and professionalism]]|
| |[[Project and dissertation]]|
|4|[[End point assessment (EPA]])|

==== Modules (Cohort 3B 2022 start) ====

^Year^Module^Room^Block release dates^
|1|[[Operating systems and architecture]]|Chelt G126| 12/09/2022, 10/10/2022, 31/10/2022 |
| |[[Programming]]|Glos D101| 28/11/2022, 12/12/2022, 30/01/2023 |
| |[[Cyber threats]]|Chelt G126| 27/02/2023, 20/03/2023, 10/04/2023|
| |[[Networking]]|Chelt G126| 08/05/2023, 29/05/2023, 19/06/2023 |
|2|[[Embedded systems security]]| TBC G127|18/09/2023, 09/10/2023, 30/10/2023 |
| |[[Cryptography, mathematics and algorithms]]| TBC G126|20/11/2023, 11/12/2023, 15/01/2024 |
| |[[Information management and security]]| TBC G127|19/02/2024, 18/03/2024, 15/04/2024 |
| |[[Operating system security and defensive programming]]| TBC G127|13/05/2024, 03/06/2024, 24/06/2024 |
|3|[[Security assurance and security case development]]|
| |[[Risk and information management]]|
| |[[Cybersecurity incident management and professionalism]]|
| |[[Project and dissertation]]|
|4|[[End point assessment (EPA]])|


==== Modules (Cohort 4 September 2023 start) ====

^Year^Module^Room^Block release dates^
|1|[[Operating systems and architecture]]|Chelt G123| 25/09/2023, 16/10/2023, 06/11/2023 |
| |[[Programming]]|Glos D101| 04/12/2023, 08/01/2024, 29/01/2024 |
| |[[Cyber threats]]|Chelt G123| 19/02/2024, 18/03/2024, 29/04/2024|
| |[[Networking]]|Chelt G123| 20/05/2024, 10/06/2024, 01/07/2024 |
|2|[[Cryptography, mathematics and algorithms]]|
| |[[Operating system security and defensive programming]]| 
| |[[Embedded systems security]]| 
| |[[Information management and security]]|
|3|[[Security assurance and security case development]]|
| |[[Risk and information management]]|
| |[[Cybersecurity incident management and professionalism]]|
| |[[Project and dissertation]]|
|4|[[End point assessment (EPA]])|



==== Competency component ====

For the duration of the apprenticeship, technical competencies will be assessed in the workplace. These will include: building networks and digital systems, writing programs, analysing malware, identifying threats, undertaking risk assessments, designing secure systems and managing intrusion responses. 

A professional development plan will be established with the apprentice, the employer and the assessor to ensure all the required components are completed and demonstrated in a final portfolio of work based projects.

Apprentices will be visited by an assessor once a month throughout the degree in order to review progress and assess competencies. 

A training coordinator will visit every quarter to formally review progress with the line manager and the apprentice.

The employer and the assessor will judge when the apprentice is ready for the end point assessment.

{{ :cyberdegree:competencies.docx |Competency checklist}}

==== Off the Job Training ====
Off the job training should be recorded in Smart Assessor. 
 Should there be any issues in accessing Smart Assessor, please use this spreadsheet tracker and we will update Smart Assessor as soon as we can. 
{{ :cyberdegree:40_otj_monthly_learner_tracker_2020.xlsx |Tracker and work log}}

Types of training that count towards the off the job training. {{ :cyberdegree:types_of_training_that_can_be_used_in_your_reflective_logs.pdf |OTJ}} 


==== Apprentice Handbook ====
The apprentice handbook, available in the Wellbeing tab on Smart Assessor, contains the following useful information:
  * Safeguarding, Prevent and British Values
  * What we expect of you as an apprentice
  * What you should expect of us as a training provider
  * College Values
  * Procedures for college life
  * Resources you can access
  * Off The Job training and tracking
  * Assessment processes including the appeals procedure
  * NUS Apprenticeship Membership

==== Safeguarding & Prevent ====

=== Safeguarding ===
We are also here to support you - you can contact the college’s safeguarding team by emailing safeguarding@gloscol.ac.uk – monitored Monday to Friday from 08:30-17:00


=== Prevent ===
PREVENT is part of the Government’s strategy for preventing people becoming RADICALISED which may lead to EXTREMISM and acts of TERRORISM.
 
**RADICALISATION**: The process by which an individual or group comes to adopt extreme political, social, or religious views. 

**EXTREMISM**: The condition or act of taking an extreme view; belief in, and support for, ideas that most people think are unreasonable and unacceptable. 

**TERRORISM**: The unlawful use of violence and intimidation for a political, religious or ideological cause


If you are concerned about someone or need help tell the police via, [[www.gloucestershire.police.uk|Gloucestershire Police]] by calling 101, in an emergency by calling 999 or contact the Confidential Anti-Terrorist Hotline on 0800 789 321.