Maricopa Community Colleges  ITS290   20052-20086 
Official Course Description: MCCCD Approval: 07/22/08
ITS290 20052-20086 LEC 3 Credit(s) 3 Period(s)
Computer Security Incident Response
Study of computer security incidents and how to respond to those incidents. Examination of frameworks for developing response strategies. Development and presentation of an incident response plan.
Prerequisites: BPC170 and ITS110, or permission of instructor.
 
MCCCD Official Course Competencies:
 
ITS290   20052-20086 Computer Security Incident Response
1. Identify and describe examples of computer security incidents. (I)
2. Identify and describe the goals of computer security incident response. (II)
3. Compare and contrast computer security incident response methodologies. (III)
4. Explain the role of risk analysis in computer security incident response and identify specific types of related risks. (IV)
5. Explain the roles of the members of an incident response team. (V)
6. Describe and explain the purpose of pre-incident activities. (VI)
7. Describe and explain the purpose of activities that take place during the initial response to an incident. (VII)
8. Describe and explain the purpose of activities following the identification of an incident. (VIII)
9. Identify the tools used in computer security incident response, explain their purpose, and demonstrate their use. (IX)
10. Apply the process of collecting volatile system information for later forensic analysis. (X)
11. As part of a team, write a comprehensive computer security incident response plan and deliver an executive-level presentation of the plan. (XI)
 
MCCCD Official Course Outline:
 
ITS290   20052-20086 Computer Security Incident Response
    I. Examples of Computer Security Incidents
        A. Loss, theft, and destruction of intellectual property
        B. Loss, theft, and destruction of computing infrastructure assets
        C. Misuse of email and other computing resources
        D. Unauthorized access to computing resources
        E. Denial of service attacks
    II. Goals of Computer Security Incident Response
        A. Coordinated response to incidents
        B. Successful recovery from incidents
        C. Minimizing the impact of an incident
        D. Preservation of evidence
        E. Minimizing negative publicity
    III. Computer Security Incident Response Methodologies
        A. Request for Comments (RFC) 2196
        B. Six-stage model, from preparation through follow-up
        C. Seven-stage model, from preparation through recovery
    IV. Risk Analysis
        A. Quantitative analysis
        B. Qualitative analysis
        C. Classification of risk types
        D. Data-driven risk analysis
    V. Incident Response Teams
        A. Human resources
        B. Legal department
        C. Management
        D. Helpdesk
        E. Outside experts
        F. Other stakeholders
    VI. Pre-incident Activities
        A. Host configuration
        B. Network configuration
        C. Policy development
        D. Procedural checklists
        E. Incident response tools
        F. Testing communications
    VII. Initial Response
        A. Information gathering
        B. Documentation
        C. Team notification
        D. Investigation
        E. Determination of response strategy
        F. Declaration of an incident
    VIII. Post-detection Response
        A. Containment
        B. Eradication
        C. Recovery
        D. Reporting and follow-up
    IX. Computer Security Incident Response Tools
        A. Forensic hardware platform
        B. Mass storage devices
        C. Removable media
        D. Hubs and network cabling supplies
        E. Bootable operating system media
        F. Forensic software
    X. Collecting Volatile System Information
        A. Creating a trusted source for software tools
        B. Identifying volatile information to collect
        C. Storing and transferring information
        D. Verifying integrity
        E. Encrypting data
        F. Documentation
    XI. Writing and Presenting a Computer Security Incident Response Plan
        A. Overview of target organization
        B. Risk analysis
        C. Identification of methodology
        D. Incident response team
        E. Communication plan
        F. Toolkits
        G. Budget estimates
        H. Executive-level summary