The Cyber Extended Project Qualification (The CyberEPQ). Brought to you by CIISec

Provided by

Enquire about this course

About the course

Chartered Institute of Information Security

Break into a Cyber Security career with the CyberEPQ.

Pre-register for 2022-2023

 Pricing - school based learners - £175 

Independent learners - £550 

What is the Cyber EPQ?
The CyberEPQ is the UK’s first and only Extended Project Qualification (EPQ) in Cyber Security. This unique Cyber Security qualification has been developed by a consortium of education and Cyber Security partners to help provide a starting point for anyone considering a career in Cyber Security; to go to university, start an apprenticeship or change career.

The Cyber EPQ qualification is delivered online using distance learning tools with its content guided by the National Occupational Standards (NOS), and aligned with the Chartered Institute of Information Security (CIISec) and the Cyber Security Body of Knowledge (CyBOK) Skills and Knowledge Framework.

The EPQ is a Level 3 qualification, accredited by City & Guilds, worth up to an extra 28 UCAS points. The course is delivered using a distance learning platform (the Moodle) and can be studied through your school or independently. School Learners are supervised by their teachers and Independent Learners will have a supervisor assigned to them.

  • delivered online
  • 11 modules
  • extensive video content
  • quizzes
  • downloadable resources
  • games

Who is the Cyber EPQ for?
Everybody. There are no formal entry requirements for studying the course, it is open to everyone. It is recommended that you have studied at Level Two (GCSE level or equivalent) prior to the course. You must be 14 years old or above on enrolment.

The CyberEPQ was designed to bridge the gap in Cyber Security qualifications between GCSE Computer Studies and a degree in Cyber Security. It also assists in training potential Cyber Security professionals and those who are looking for a change in career into Cyber Security.

What will I learn?
The course includes 10 Core Compulsory Modules and 3 Specialist Modules. At least one of the specialist modules must be completed.

Introduction to Cyber Security
In this module, you will be introduced to the topic of Cyber Security, including a brief history of ethical hacking, Confidentiality, Integrity and Availability (the CIA Triad) of data as well as the Computer Misuse Act.

The History of Computing & Cryptography
Take a look at computing from the breaking of the Enigma code at Bletchley Park, the world’s first programmable computer - Colossus, through to the development of mainframes, personal computers, and the development of the internet.

Explore the study of the techniques of secret writing, especially code and cipher systems, methods as well as the procedures, processes, methods of making and using secret writing, as codes or ciphers.

In addition, you will get the chance to reflect on the next big thing in cyber security, namely Quantum Computing. You will get the opportunity to consider whether quantum computing is a challenge to current cryptographic practices.

In this module you will explore Cybercrime, which is used to describe two closely linked, but distinct ranges of criminal activity, namely cyber dependent crimes, and cyber-enabled crimes. Cyber-dependent crimes, can be committed only through the use of Information and Communications Technology (‘ICT’) devices, where the devices are both the tool for committing the crime, and the target of the crime. Whereas Cyber-enabled crimes refer to traditional crimes which can be increased in scale or reach by the use of computers, computer networks or other forms of ICT.

Risk Assessment, Management & Governance (Part 1 & 2)
This module looks at Risk Management, which is the process of identifying, assessing, and controlling threats to an organisation's capital and earnings. These threats, or risks, could stem from a wide variety of sources, including financial uncertainty, legal liabilities, strategic management errors, accidents, and natural disasters.

IT security threats and data-related risks, and the risk management strategies to alleviate them, have become a top priority for digitized companies. As a result, a risk management plan increasingly includes companies' processes for identifying and controlling threats to its digital assets, including proprietary corporate data, a customer's personally identifiable information (PII) and intellectual property.

Governance refers to the actions, processes, traditions, and institutions by which authority is exercised and decisions are taken and implemented. Risk governance applies the principles of good governance to the identification, assessment, management, and communication of risks

Furthermore, we have added a section on the Ethics of cyber security practice. You shall be examining how ethics are critical to any sound cybersecurity defence strategy.

Security Testing & Vulnerability Assessment
Explore Security Testing, which is a type of Software Testing that uncovers vulnerabilities, threats, and risks in a software application, and prevents malicious attacks from intruders. The purpose of Security Tests is to identify all possible loopholes and weaknesses of the software system which might result in a loss of information, revenue, or reputation at the hands of employers or outsiders of the organisation. The main goal of Security Testing is to identify the threats in the system and measure its potential vulnerabilities, so the threats can be encountered, and the system does not stop functioning or cannot be exploited. It also helps in detecting all possible security risks in the system and helps developers to fix the problems through coding.

In this module you will also learn about Vulnerability Assessment which is a risk management process used to identify, quantify, and rank possible vulnerabilities to threats in a given system. It is not isolated to a single field and is applied to systems across different industries such as; IT systems; Energy and other Utility systems; Transportation; Communication Systems.

Digital Forensics
Explore Digital Forensics, which is the process by which information is extracted from data storage media (e.g., devices, remote storage and systems associated with computing, imaging, image comparison, video processing and enhancement [including CCTV], audio analysis, satellite navigation, communications), rendered into a useable form, processed, and interpreted to obtain intelligence for use in investigations, or evidence for use in criminal proceedings.

Incident Response Management
In this module you will look at Incident Response Management, which is an organised strategy for addressing and managing the after effects of a security breach or cyber-attack, also known as an incident involving IT, computer incident or security. The purpose is to control the situation in a way that limits harm and reduces the time and cost of recovery.

Identity & Access Management (Authentication, Authorisation & Accountability)
This module explores Identity and Access Management (IAM), which is a collective term that covers products, processes, and policies used to manage user identities and regulate user access within an organisation.

This module also looks at authentication, authorisation, and accountability (AAA) which refers to a common security framework for mediating network and application access. AAA intelligently controls access to computer resources by enforcing strict access and auditing policies. This process ensures that access to network and software application resources can be restricted to specific, legitimate users.

Explore Artificial Intelligence (AI) and Machine Learning (ML). AI makes it possible for machines to learn from their experiences, adjusting to new inputs and performing human-like tasks. Most AI applications rely heavily on deep learning and natural language processing, which is referred to in general as Machine Learning. Cyber security experts are looking into the potential for AI and ML to identify and counteract sophisticated cyber-attacks with minimal human intervention.

Also study GDPR which is designed to ensure that the integrity of any personal data that is collected, managed, stored, or processed by an organisation is fully protected. It brings new mandatory requirements for data controllers and processors. These provide further safeguards, ranging from the need to gain an individual’s consent to store and use their data - and their right to know what personal data is held about them - right through to the need for some companies to appoint data protection officers.

GDPR also introduces much heavier penalties for breaches of the regulation by companies that fail to comply. The onus is on individual firms to understand the risks associated with any personal data they hold or use and to take the necessary measures to mitigate those risks.

Within this module you will also get to investigate how the UK enacted the GDPR into law as the Data Protection Act 2018 (GDPR 2018).

Security Audit, Compliance and Assurance
Explore Audit Compliance functions which are meant to reasonably ensure that the company is complying with all applicable laws, rules, and regulations, as well as internal codes of conduct, policies, and procedures. The Internal Audit function is designed to monitor and evaluate the company’s internal control environment as to its adequacy, efficiency, and effectiveness.

Security assurance can be defined as the confidence that a system meets its security requirements and is resilient against security vulnerabilities and failures. The confidence indicated by the security assurance represents the level of trust we give to a system that is safe to use.

Human Aspects of Cyber Security (specialist topic)
In this module, discover how human factors of cyber security represent the actions or events when human error results in a successful hack or data breach. Sharing of passwords, poor patch management, double-clicking on unsafe URLs, and organizational access through a personal device are just a few human errors that lead to a security threat, many of which could be mitigated.

You will also explore how by defining the anti-requirements or abuse frames which make explicit potential adversarial behaviour of attackers and design mechanisms, they can protect an organisation. Security is not a zero-sum game, meaning the gain of the attacker does not equal the loss of the defender. Therefore, understanding the goals, assets, and risks for the organisation is not enough. It is important to understand the goals of potential attackers and the gain they may achieve by having access to the organisation’s assets.

Pentesting (specialist topic)
Examine Penetration Testing (pen-testing or pentesting) which is a method of testing, measuring, and enhancing established security measures on information systems and support areas.

In this way organisations can gain assurance in the security of an IT system by attempting to breach some or all of that system's security, using the same tools and techniques as an adversary might.

Penetration testing should be viewed as a method for gaining assurance in an organisation's vulnerability assessment and management processes, not as a primary method for identifying vulnerabilities.




Start date Location / delivery
No fixed date Online Book now

Related article

Qufaro and Deloitte launched in May their Virtual Day of Cyber Learning. The day kicked off with Ivana Bartoletti, Technical Director, and author o...