Course - Introduction to incident response - IIKG3020
IIKG3020 - Introduction to incident response
About
Examination arrangement
Examination arrangement: Aggregate score
Grade: Letter grades
| Evaluation | Weighting | Duration | Grade deviation | Examination aids |
|---|---|---|---|---|
| Project Assignment | 60/100 | |||
| School exam | 40/100 | 2 hours | E |
Course content
- Incident response planning: preparation, organization, building and running a CSIRT, operational issues, hiring and training of personnel
- Incident response: prevention, detection, notification, reaction, recovery, maintenance
- Advanced computer network defence: vulnerability and threat management, threat intelligence and situational awareness, tools and processes, frameworks (ATT&CK, Cyber Kill Chain, etc.), threat hunting, information sharing
- Planning and running incident response team exercises
Learning outcome
Knowledge
- The student understands cyber incident response and its components.
- The student has a good overview of known frameworks and tools for incident response.
- The student has general knowledge of planning for incident response readiness and managing the operational aspects of the incident response team.
- The student has general knowledge of how to perform incident response for various types of adverse incidents, including intrusions from advanced threat actors.
Skills
- The student can plan for and handle larger and smaller cyber incidents.
- The student can organize an incident response team in a manner that ensures good handling of incidents while also making sure staff burnout is avoided.
General Competence
- The student has broad knowledge of cyber incident response and is able to communicate this to others.
Learning methods and activities
- Online lectures
- Group project work
Project and lab assignments will be facilitated across Trondheim and Gjøvik campuses.
Further on evaluation
- Digital written school examination counts for 40%
- The project counts for 60%
- Both parts must be passed.
Re-sit examination in August. Re-sit examination can be changed from digital written school exam to oral exam. No re-sit for the project, the project work has to be redone next course dates.
Retake can be carried out for some partial assessments without all partial assessments having to be taken up again.
Specific conditions
Admission to a programme of study is required:
Digital Infrastructure and Cyber Security (BDIGSEC)
Recommended previous knowledge
- DCSG1006 - Data communication and networks
- DCSG2001 - Interconnected Networks and Network Security
- DCSG2005 - Risk Management
Required previous knowledge
None
Course materials
Eleven Strategies of a World-Class Cybersecurity Operations Center, Kathryn Knerler, Ingrid Parker, Carson Zimmermann, The MITRE Corporation, 2022. Free e-book available from:
https://www.mitre.org/sites/default/files/2022-04/11-strategies-of-a-world-class-cybersecurity-operations-center.pdf
Other course material will be made available via the learning portal.
Credit reductions
| Course code | Reduction | From | To |
|---|---|---|---|
| IMT3004 | 5.0 | AUTUMN 2021 | |
| IMT3521 | 7.5 | AUTUMN 2021 | |
| IMT4841 | 7.5 | AUTUMN 2021 |
No
Version: 1
Credits:
7.5 SP
Study level: Third-year courses, level III
Term no.: 1
Teaching semester: AUTUMN 2024
Language of instruction: Norwegian
Location: Gjøvik , Trondheim
- Information Security
Department with academic responsibility
Department of Information Security and Communication Technology
Examination
Examination arrangement: Aggregate score
- Term Status code Evaluation Weighting Examination aids Date Time Examination system Room *
- Autumn ORD School exam 40/100 E 2024-11-25 15:00 INSPERA
-
Room Building Number of candidates M433-Eksamensrom 4.etg Mustad, Inngang A 34 M406-Eksamensrom 4.etg Mustad, Inngang A 1 SL425 Sluppenvegen 14 0 SL110 lilla sone Sluppenvegen 14 8 -
Autumn
ORD
Project Assignment
60/100
Release
2024-10-21Submission
2024-10-31
10:00
INSPERA
14:00 -
Room Building Number of candidates - Summer UTS School exam 40/100 E INSPERA
-
Room Building Number of candidates
- * The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.
For more information regarding registration for examination and examination procedures, see "Innsida - Exams"