Cyber Incident Response and Handling
Overlap: ICS 487. Note: Students are responsible both to be aware of and to abide by prerequisites for ICS courses in which they enroll, and will be administratively dropped from a course if they have not met the prerequisites. First day attendance is mandatory.
As cyber breaches and intrusions continue to increase, enterprises are now looking to hire professionals who can identify and respond to breaches and incidents before they have adverse impacts on information systems and data networks.
This course provides in-depth coverage of applying Digital Forensics and Incident Response methodologies and frameworks to address and manage the aftermath of security breaches or incidents, with the goal of limiting the damage and reducing recovery time and costs. The student will be able to identify, contain, eradicate and recover from an attack in an enterprise network. Topics include identifying threat actors and security breaches, analyzing artifacts and logs, restoring the system, performing postmortem analysis, and implementing and/or modifying mitigating techniques.
- Identify and analyze the attacker's Tactics, Techniques, and Procedures (TTPs) to evaluate the modus operandi of cyber adversaries, target the resulting investigation and incident response, and anticipate and mitigate future activity.
- Demonstrate a practical understanding of various methodologies for analyzing artifacts left on a compromised system.
- Apply Incident Handling methodology based on the National Institute of Standards and Technology (NIST), the US-CERT, and other frameworks.
- Use various available digital forensic and security tools in an efficient and effective manner to aid in investigation.
- Validate the current stage of a cyber-attack based on the Lockheed Cyber Kill Chain model.
- Produce quality reports and communicate the technical contents to a variety of audiences.