This course covers network defense and incident response methods, tactics, and procedures which are taught in alignment with industry frameworks such as NIST 800-61 r.2 (Computer Security Incident Handling), US-CERT’s NCISP (National Cyber Incident Response Plan), and Presidential Policy Directive (PPD) 41 on Cyber Incident Coordination Policy. It is ideal for candidates who have been tasked with the responsibility of monitoring and detecting security incidents in information systems and networks, and for executing standardized responses to such incidents.
Learning Objectives
Students will be able to compare and contrast various threats and classify threat profile, explain the purpose and use of attack tools and technique, explain the purpose and use of post exploitation tools and tactic, explain the purpose and use of social engineering tactic, perform ongoing threat landscape research and use data to prepare for incident, explain the purpose and characteristics of various data source, use appropriate tools to analyze log, use regular expressions to parse log files and locate meaningful data, use Windows tools to analyze incidents, use Linux-based tools to analyze incidents, summarize methods and tools used for malware analysis, analyze common indicators of potential compromise, explain the importance of best practices in preparation for incident response, execute incident response process, explain the importance of concepts that are unique to forensic analysis, and explain general mitigation methods and devices.