CYBR 445 Cyber Incident Response and Handling
In the face of escalating cyber breaches and intrusions, organizations seek professionals adept at identifying and responding to security incidents proactively. This course offers an in-depth exploration of Digital Forensics and Incident Response (DFIR) methodologies, emphasizing frameworks such as NIST and US-CERT. Students will learn to effectively detect, analyze, contain, eradicate, and recover from cyber attacks within enterprise networks.
Throughout the course, students will develop expertise in identifying threat actors and security breaches, analyzing artifacts and logs, conducting post-mortem analyses, and implementing and refining mitigation strategies. The curriculum aligns with the CompTIA CySA+ objectives, ensuring students are equipped with the competencies required for effective cybersecurity analysis and incident response. By the end of the course, students will be proficient in using industry-standard forensic tools, assessing cyber attack stages, and developing comprehensive incident response plans to mitigate future threats. Overlap: ICS 487.
First day attendance is mandatory.
Formerly: ICS 487. Note: Students are responsible to both be aware of and abide by prerequisites for CFS/CYBR/ICS courses for which they enroll, and will be administratively dropped from a course if they have not met prerequisites.
Prerequisites
Special information
Formerly: ICS 487. Note: Students are responsible to both be aware of and abide by prerequisites for CFS/CYBR/ICS courses for which they enroll, and will be administratively dropped from a course if they have not met prerequisites.
4 Undergraduate credits
Effective May 6, 2020 to present
Learning outcomes
General
- Analyze an attacker's Tactics, Techniques, and Procedures (TTPs) to assess adversary behavior, guide investigations, and anticipate future cyber threats.
- Apply incident response methodologies, including NIST and US-CERT frameworks, to detect, contain, and mitigate security incidents.
- Utilize forensic and security tools to collect, analyze, and preserve digital evidence for cyber investigations.
- Assess the current stage of a cyber attack using frameworks such as the Cyber Kill Chain and MITRE ATT&CK to inform response strategies.
- Develop and execute incident response plans encompassing containment, eradication, recovery, and post-incident analysis.
- Produce and communicate comprehensive forensic and incident response reports tailored for both technical and non-technical audiences.
- Evaluate and justify ethical considerations in cyber incident response, including privacy implications, legal constraints, and responsible disclosure.
Summer 2025
| Section | Title | Instructor | books | eservices |
|---|---|---|---|---|
| 50 | Cyber Incident Response and Handling | Hepp, Alex | Books for CYBR-445-50 Summer 2025 | Course details for CYBR-445-50 Summer 2025 |