4 credit/unit hours – Four hours of lecture weekly; one term

This course explores security incidents and intrusions, including identifying and categorizing incidents and attackers, responding to incidents, analyzing logfiles and packet captures, working with Security Information and Event Management (SIEM) systems, and leveraging Network Security Monitoring methodologies.

Learning Objectives

Upon completion of this course, the student will be able to:

  • Detect and characterize various types of computer and network incidents;
  • Demonstrate a practical understanding of the analysis of artifacts left on a compromised system;
  • Demonstrate an understanding of how to effectively respond to privileged and major event incidents;
  • Demonstrate an understanding of advisories, alerts, and management briefings; and
  • Demonstrate the ability to communicate incident response findings to technical and non-technical personnel.

Main Topics

1.0 Attackers: Overview

2.0 Incident Response Preparation

3.0 Indicators and Intelligence

4.0 Incident Identification

5.0 Containment, Eradication, Recovery

6.0 Network Security Monitoring (NSM)

7.0 Intrusion Detection/Prevention Systems

8.0 Security Information and Event Management (SIEM) Systems

9.0 Logfile Aggregation

10.0 Gathering Data

11.0 Network Forensics