This course introduces the skills and techniques necessary to detect, respond and recover from cyber incidents. The goal is to learn to integrate business continuity / disaster recovery plans into the incident response process. This is a writing intensive course, which requires each student to individually document cyber security incidents and communicate the impact of those incidents to the organization. Peer writing evaluation will help students to consider how effective their written communication skills are.
Define & Explain Information Security and the role of policy / procedures
Identify and explain the basic concepts and phases of risk management.
Discuss key laws, regulations, and standards associated with contingency planning.
Define business impact analysis and describe each of its components
Explain the strategies employed for resumption of critical business processes at alternate and recovered sites.
Identify the activities and deliverables used in an incident response policy and explain how policy affects the process.
Describe the purpose and function of the CSIRT.
Perform network traffic analysis and sniffing by using appropriate tools.
Perform incident handling by using appropriate methods.
Identify security controls and defensive technologies.