Master of Information Systems Management

95-857 Incident Response

  • 6 units
  • Prerequisites: 95-856 Hacking Exposed or instructor permission

Computer intrusions and security incidents are a part of life. Responding to these incidents is complex due to the technologies and disciplines involved.  Effective response requires an understanding of technology, investigative sciences, legal requirements, and political considerations.

System and security administrators as well as managers are often asked to respond to and resolve incidents, but rarely have the requisite knowledge to do so.  This course teaches the theory and principles of incident response through a hands-on and practical approach.

Students will see common network attacks firsthand, and then learn the specific steps and methodology necessary to resolve the incident. They will learn how a particular attack leaves a signature, and will be given the tools to identify those signatures. Students will then use those tools to identify unknown attacks, both in lab settings and projects.

The entire lifecycle of incident response is covered, from pre-incident preparation through notification, initial response, and recovery. Real-world case studies will provide insight into the computer crime cases that corporations and government are currently facing. Guest speakers with computer forensics and law enforcement backgrounds may be invited to speak.

Goals:

  • Learn a methodology for identifying and resolving computer security incidents
  • Gain hands-on experience using the tools and techniques currently used by government and private industry to respond to incidents
  • Introduce the forensic process and legal requirements of response
  • Learn unique critical thinking skills