Description
4 credit/unit hours – Four hours of lecture weekly; one term
This course explores security incidents and intrusions, including identifying and categorizing incidents and attackers, responding to incidents, analyzing logfiles and packet captures, working with Security Information and Event Management (SIEM) systems, and leveraging Network Security Monitoring methodologies.
Learning Objectives
Upon completion of this course the student will be able to:
- Detect and characterize various types of computer and network incidents;
- Demonstrate a practical understanding of the analysis of artifacts left on a compromised system;
- Demonstrate an understanding of how to effectively respond to privileged and major event incidents;
- Demonstrate an understanding of advisories, alerts, and management briefings; and
- Demonstrate the ability to communicate incident response findings to technical and non-technical personnel.
Main Topics
1.0 Attackers: Overview
2.0 Incident Response Preparation
3.0 Indicators and Intelligence
4.0 Incident Identification
5.0 Containment, Eradication, Recovery
6.0 Network Security Monitoring (NSM)
7.0 Intrusion Detection/Prevention Systems
8.0 Security Information and Event Management (SIEM) Systems
9.0 Logfile Aggregation
10.0 Gathering Data
11.0 Network Forensics