
CYBR 445 Cyber Incident Response and Handling

In the face of escalating cyber breaches and intrusions, organizations seek professionals adept at identifying and responding to security incidents proactively. This course offers an in-depth exploration of Digital Forensics and Incident Response (DFIR) methodologies, emphasizing frameworks such as NIST and US-CERT. Students will learn to effectively detect, analyze, contain, eradicate, and recover from cyber attacks within enterprise networks. Throughout the course, students will develop expertise in identifying threat actors and security breaches, analyzing artifacts and logs, conducting post-mortem analyses, and implementing and refining mitigation strategies. The curriculum aligns with the CompTIA CySA+ objectives, ensuring students are equipped with the competencies required for effective cybersecurity analysis and incident response. By the end of the course, students will be proficient in using industry-standard forensic tools, assessing cyber attack stages, and developing comprehensive incident response plans to mitigate future threats. Overlap: ICS 487.

Prerequisites

Special information

First day attendance is mandatory.
Formerly: ICS 487. Note: Students are responsible for both knowing and abiding by the prerequisites for the CFS/CYBR/ICS courses in which they enroll, and will be administratively dropped from a course if they have not met its prerequisites.
4 Undergraduate credits

Effective May 6, 2020 to present

Learning outcomes

General

  • Analyze an attacker's Tactics, Techniques, and Procedures (TTPs) to assess adversary behavior, guide investigations, and anticipate future cyber threats.
  • Apply incident response methodologies, including NIST and US-CERT frameworks, to detect, contain, and mitigate security incidents.
  • Utilize forensic and security tools to collect, analyze, and preserve digital evidence for cyber investigations.
  • Assess the current stage of a cyber attack using frameworks such as the Cyber Kill Chain and MITRE ATT&CK to inform response strategies.
  • Develop and execute incident response plans encompassing containment, eradication, recovery, and post-incident analysis.
  • Produce and communicate comprehensive forensic and incident response reports tailored for both technical and non-technical audiences.
  • Evaluate and justify ethical considerations in cyber incident response, including privacy implications, legal constraints, and responsible disclosure.

Summer 2025

Section | Title | Instructor | Books | eServices
50 | Cyber Incident Response and Handling | Hepp, Alex | Books for CYBR-445-50 Summer 2025 | Course details for CYBR-445-50 Summer 2025