This course fosters cybersecurity incident response and investigative knowledge, from both the organizational and system perspective. Material includes laws, standards, codes of behavior and best practices for incident response, including the management of relationships (e.g., regulators, clients, vendors). Case studies are presented and discusses in light of organizational resource limitations, legal mandates, and jurisdictional boundaries.
With successful completion of this course, students are able to: 1. Situate cybersecurity incident response and investigation within an organization’s overall incident response policies and processes. 2. Identify rules and best practices for reporting or otherwise communicating information about cybersecurity events and incidents. 3. Identify concepts and methods for effective containment and mitigation of cybersecurity incidents. 4. Articulate the roles of common tools and techniques for investigating and analyzing cybersecurity incidents. 5. Explain and give examples of the differing mandates and priorities in the communities of interest for incident response and investigation (e.g., CERTs and CSIRTs, law enforcement agencies, regulators, vendors, intelligence community, etc.).