An examination of policies and procedures related to security incidents, exposures, and risks, and of the technologies used to respond to such threats. Topics include dynamic vulnerability analysis, intrusion detection, attack response, evidence protection, and business continuity. Discussion also covers types and modes of computer-facilitated attacks, readiness, and evidence scope, as well as the role of computer emergency response teams.
At the end of this course, students should be able to:
Develop and utilize policies, procedures, and technologies for incident analysis.
Evaluate risk management techniques to address potential exposures.
Develop incident response plans and procedures that maintain investigative integrity for a variety of incidents and exposures.
Incorporate incident management, containment, identification, eradication, and recovery.
Evaluate environment for global/international influences and determine risk implications.
Construct a business continuity plan.
Utilize forensic techniques to determine extent of incident, and formulate corrective and evidentiary-based response.
Analyze types and modes of computer-facilitated attacks for their potential organizational and global impact.
Incorporate analysis and response results into appropriate action plans, reporting, information sharing, improvement cycles, and exposure elimination.
Evaluate inter- and intra-organizational resources for incident investigation and response.
The materials within this course focus on the Knowledge, Skills, and Abilities (KSAs) identified within the Specialty Areas listed below.