This Cyber Range curriculum engages participants in a systematic, multi-phase incident response scenario emphasising discovery, investigation, containment, and recovery inside a realistic corporate setting. The exercise highlights operational blue-team skills, encompassing log analysis, endpoint artefact validation, network investigation, and systematic incident documentation in accordance with established response frameworks.

Participants operate in a controlled but realistic technical environment where they must analyse alerts, correlate indicators across multiple data sources, reconstruct attacker activity and make containment decisions under time pressure. The scenario requires the methodical application of digital forensic principles, adherence to evidence handling protocols, and the mapping of adversary behaviour to structured analytical frameworks such as MITRE ATT&CK.

The module emphasises the practical implementation of technical investigation procedures in a replicable and quantifiable setting, rather than focusing on incident response theory. Automated validation methods evaluate analytical precision, investigative thoroughness, and response uniformity, ensuring that participants exhibit operational preparedness in alignment with Incident Responder and SOC analyst roles.

1. Chief Information Security Officer (CISO): No
2. Cyber Incident Responder: No
3. Cyber Legal, Policy & Compliance Officer: No
4. Cyber Threat Intelligence Specialist: No
5. Cybersecurity Architect: No
6. Cybersecurity Auditor: No
7. Cybersecurity Educator: No
8. Cybersecurity Implementer: No
9. Cybersecurity Researcher: No
10. Cybersecurity Risk Manager: No
11. Digital Forensics Investigator: No
12. Penetration Tester: No
SMEs: No
Cybersecurity Professionals: No
LMS: No
Cyber Range: No
SG/TTX: No
Bootcamp: No
Hackathon: No
1 Analyse and comply with cybersecurity-related laws, regulations and legislations: No
2 Analyse and consolidate organisation’s quality and risk management practices: No
3 Analyse and implement cybersecurity policies, certifications, standards, methodologies and frameworks: No
4 Analyse business processes, assess and review software or hardware security, as well as technical and organisational controls: No
5 Anticipate cybersecurity threats, needs and upcoming challenges: No
6 Anticipate required changes to the organisation’s information security strategy and formulate new plans: No
7 Apply auditing tools and techniques: No
8 Assess and enhance an organisation’s cybersecurity posture: No
9 Assess the security and performance of solutions: No
10 Audit with integrity, being impartial and independent: No
11 Automate threat intelligence management procedures: No
12 Build a cybersecurity risk-aware environment: No
13 Build resilience against points of failure across the architecture: No
14 Carry out working-life practices of the data protection and privacy issues involved in the implementation of the organisational processes, finance and business strategy: No
15 Collaborate with other team members and colleagues: No
16 Collect information while preserving its integrity: No
17 Collect, analyse and correlate cyber threat information originating from multiple sources: No
18 Collect, evaluate, maintain and protect auditing information: No
19 Communicate, coordinate and cooperate with internal and external stakeholders: No
20 Communicate, explain and adapt legal and regulatory requirements and business needs: No
21 Communicate, present and report to relevant stakeholders: No
22 Comprehensive understanding of the business strategy, models and products and ability to factor into legal, regulatory and standards’ requirements: No
23 Conduct ethical hacking: No
24 Conduct technical analysis and reporting: No
25 Conduct user and business security requirements analysis: No
26 Conduct, monitor and review privacy impact assessments using standards, frameworks, acknowledged methodologies and tools: No
27 Configure solutions according to the organisation’s security policy: No
28 Coordinate the integration of security solutions: No
29 Decompose and analyse systems to develop security and privacy requirements and identify effective solutions: No
30 Decompose and analyse systems to identify weaknesses and ineffective controls: No
31 Define and apply maturity models for cybersecurity management: No
32 Design systems and architectures based on security and privacy by design and by defaults cybersecurity principles: No
33 Design, apply, monitor and review Information Security Management System (ISMS) either directly or by leading its outsourcing: No
34 Design, develop and deliver learning programmes to cover cybersecurity needs: No
35 Develop and communicate, detailed and reasoned investigation reports: No
36 Develop code, scripts and programmes: No
37 Develop codes, scripts and programmes: No
38 Develop cybersecurity exercises including simulations using cyber range environments: No
39 Develop evaluation programs for the awareness, training and education activities: No
40 Develop, champion and lead the execution of a cybersecurity strategy: No
41 Draw cybersecurity architectural and functional specifications: No
42 Enable business assets owners, executives and other stakeholders to make risk-informed decisions to manage and mitigate risks: No
43 Establish a cybersecurity plan: No
44 Explain and communicate data protection and privacy topics to stakeholders and users: No
45 Explain and present digital evidence in a simple, straightforward and easy to understand way: No
46 Follow and practice auditing frameworks, standards and methodologies: No
47 Generate new ideas and transfer theory into practice: No
48 Guide and communicate with implementers and IT/OT personnel: No
49 Identify and exploit vulnerabilities: No
50 Identify and select appropriate pedagogical approaches for the intended audience: No
51 Identify and solve cybersecurity-related issues: No
52 Identify needs in cybersecurity awareness, training and education: No
53 Identify non-cyber events with implications on cyber-related activities: No
54 Identify threat actors TTPs and campaigns: No
55 Identify, analyse and correlate cybersecurity events: No
56 Implement cybersecurity recommendations and best practices: No
57 Implement cybersecurity risk management frameworks, methodologies and guidelines and ensure compliance with regulations and standards: No
58 Influence an organisation’s cybersecurity culture: No
59 Integrate cybersecurity solutions to the organisation’s infrastructure: No
60 Lead the development of appropriate cybersecurity and privacy policies and procedures that complement the business needs and legal requirements; further ensure its acceptance, comprehension and implementation and communicate it between the involved parties: No
61 Manage and analyse log files: No
62 Manage cybersecurity resources: No
63 Model threats, actors and TTPs: No
64 Monitor new advancements in cybersecurity-related technologies: No
65 Motivate and encourage people: No
66 Organise and work in a systematic and deterministic way based on evidence: No
67 Perform social engineering: No
68 Practice all technical, functional and operational aspects of cybersecurity incident handling and response: No
69 Propose and manage risk-sharing options: No
70 Propose cybersecurity architectures based on stakeholder’s needs and budget: No
71 Provide training towards cybersecurity and data protection professional certifications: No
72 Review and enhance security documents, reports, SLAs and ensure the security objectives: No
73 Review codes, assess their security: No
74 Select appropriate specifications, procedures and controls: No
75 Think creatively and outside the box: No
76 Understand legal framework modifications implications to the organisation’s cybersecurity and data protection strategy and policies: No
77 Understand, practice and adhere to ethical requirements and standards: No
78 Use and apply CTI platforms and tools: No
79 Use penetration testing tools effectively: No
80 Utilise existing cybersecurity-related training resources: No
81 Work ethically and independently; not influenced and biased by internal or external actors: No
82 Work on operating systems, servers, clouds and relevant infrastructures: No
83 Work under pressure: No