Dec 26, 2024
CIS 296 - Incident Response and SIEM
5.0 Credits

Covers a methodical and forensically sound approach to dealing with security breaches (also known as incidents). Students will learn how to manage incidents so that damage is limited and recovery time is optimal. Real-time monitoring and correlation of events taking place within an information system will be covered, as well as conducting a detailed analysis of log data from various systems. This course forms the nexus between the digital forensics and cyber security courses.

Prerequisite: CIS 272 and CIS 274 with a minimum grade of 2.5, or concurrent enrollment, or instructor permission.

Course-level Learning Objectives (CLOs)

Upon successful completion of this course, students will be able to:
- Implement a plan to mitigate the likelihood and impact of incidents.
- Develop a comprehensive incident response plan.
- Recover data in a forensically sound fashion from a variety of computing devices.
- Detect compromises using key Windows events.
- Identify internal pivoting activity using log data.
- Detect post-exploitation activity using command line logging.
- Configure Security Information and Event Management (SIEM) tripwires.
- Apply long tail analysis concepts to identify abnormal system usage.
- Implement phone-home tracking methods.