CSS 207: Incident Response

Course Description

This course focuses on incident detection and response. Topics include: defining a security incident; the incident response lifecycle, including the roles and responsibilities of incident response teams; analyzing and interpreting network communications with packet-sniffing tools to detect security incidents; incident investigation and response processes and procedures; and the use of Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) tools. (3 credits)

Prerequisite

  • CSS 101: Cybersecurity Fundamentals

Student Learning Outcomes (SLOs)

Upon completion of the course, the students will be able to:

  1. Explain the lifecycle of an incident.
  2. Describe the tools used in documentation, detection, and management of incidents.
  3. Illustrate and explain fundamental architectures of networks and the Internet, as well as their underlying principles.
  4. Analyze packets to interpret network communications.
  5. Identify and critically assess issues and concepts related to the protection of information and information systems.
  6. Perform artifact investigations to analyze and verify security incidents.
  7. Use risk management principles to assess threats, vulnerabilities, countermeasures, and the potential impact of risk to information systems.
  8. Identify the steps to contain, eradicate, and recover from an incident.
  9. Determine when and how to escalate a security incident.
  10. Read and analyze logs during an incident investigation.
  11. Interpret the basic syntax and components of signatures and logs in Intrusion Detection Systems (IDS) and Network Intrusion Detection Systems (NIDS) tools.
  12. Perform queries in Security Information and Event Management (SIEM) tools to investigate an event.
  13. Communicate sensitive information with care and confidentiality.
  14. Engage with the cybersecurity community.

Course Activities and Grading

Assignments and Weights

  • Discussion (Weeks 1-8): 16%
  • Assignment Activities (Weeks 1-8): 72%
  • Labs (Week 2): 12%
  • Total: 100%

Required Textbooks

  • No required textbook. This course uses Coursera and the Google Sound the Alarm: Detection and Response course, which is part of the Google Cybersecurity Certificate program. The first time you access a Coursera course, you will have to set up your Coursera account. Please make sure to use your charteroak.edu email address. Coursera may also ask you to provide a secondary email; you may use a personal email if you wish. Then, enroll in the course.

Course Schedule

Each week below lists the SLOs it addresses, followed by the readings, exercises, and assignments for that week.

Week 1 (SLOs 1, 2)

Topic: Introduction to Detection and Incident Response

  • Complete Week 1 required readings and viewings
  • Review the Getting Started information in Blackboard
  • Review the course syllabus
  • Review the Lecture material
  • Participate in the discussions
  • Activity: Sound the Alarm: Introduction to Detection and Incident Response
  • Activity: Understanding Security Threats

Week 2 (SLOs 3, 4)

Topic: Network Monitoring and Analysis

  • Complete Week 2 required readings and viewings
  • Review the Lecture material
  • Participate in the discussions
  • Activity: Network Monitoring and Analysis
  • Activity: Securing Your Networks
  • Submit the Week 2 - Assignment 1

Week 3 (SLOs 5, 10)

Topic: Incident Investigation and Response

  • Complete Week 3 required readings and viewings
  • Review the Lecture material
  • Participate in the discussions
  • Activity: Incident Investigation and Response
  • Activity: Detection Foundations
  • Submit the Week 3 - Assignment 2

Week 4 (SLOs 11, 12)

Topic: Network Traffic and Logs Using IDS and SIEM Tools

  • Complete Week 4 required readings and viewings
  • Review the Lecture material
  • Participate in the discussions
  • Activity: Network Traffic and Logs Using IDS and SIEM Tools
  • Activity: Detection in Practice
  • Submit the Week 4 - Assignment 3

Week 5 (SLOs 6, 7)

Topic: Protect Data and Communicate Incidents

  • Complete Week 5 required readings and viewings
  • Review the Lecture material
  • Participate in the discussions
  • Activity: Protect Data and Communicate Incidents
  • Activity: Data Protection and Privacy

Week 6 (SLOs 8, 9)

Topic: Escalate Incidents

  • Complete Week 6 required readings and viewings
  • Review the Lecture material
  • Participate in the discussions
  • Activity: Escalate Incidents
  • Activity: Incident Response Management
  • Submit the Week 6 - Assignment 4

Week 7 (SLO 13)

Topic: Communicate Effectively

  • Complete Week 7 required readings and viewings
  • Review the Lecture material
  • Participate in the discussions
  • Activity: Communicate Effectively to Influence Stakeholders
  • Activity: Creating a Company Culture for Security

Week 8 (SLO 14)

Topic: Engage with the Cybersecurity Community

  • Complete Week 8 required readings and viewings
  • Review the Lecture material
  • Participate in the discussions
  • Activity: Engage with the Cybersecurity Community
  • Activity: Find and Apply for Cybersecurity Jobs
  • Complete Course Evaluation

COSC Accessibility Statement

Charter Oak State College encourages students with disabilities, including non-visible disabilities such as chronic diseases, learning disabilities, head injury, attention deficit/hyperactive disorder, or psychiatric disabilities, to discuss appropriate accommodations with the Office of Accessibility Services at OAS@charteroak.edu.

COSC Policies, Course Policies, Academic Support Services and Resources

Students are responsible for knowing all Charter Oak State College (COSC) institutional policies, course-specific policies, procedures, and available academic support services and resources. Please see COSC Policies for COSC institutional policies, and see also specific policies related to this course. See COSC Resources for information regarding available academic support services and resources.