Incident Handler - CSIRT-MU
About This Course
The course is designed to give IT administrators an insight into the activities involved in responding to cybersecurity threats and incidents. It introduces the role of a CSIRT team in an organization and describes its services and the steps taken to resolve a security incident. The course then continues with two lessons on preemptive measures administrators can use to mitigate or lower the impact of cyber-attacks. Attendees will learn the concepts of infrastructure protection at the network and system level and become familiar with network segmentation, firewalls, and end-host protection. They will also learn the phases of a penetration testing process, from interaction with the client, to the actual testing, to reporting. Finally, the lessons on network and system forensics give insight into the investigation of incidents. System forensics covers the procedures for gathering evidence and investigating the filesystem and operating memory. The network forensics lesson provides knowledge of network operation, users, services, and their interactions, used to debug networking issues and to detect misbehavior, malicious traffic, and intruders.
Meet your lecturers
Internal Security Auditor - CSIRT-MU
- Lesson 1 – Computer Security Incident Response
- Lesson 2 – Defense
- Lesson 3 – Penetration Testing
- Lesson 4 – Network Forensics
- Lesson 5 – Machine Forensics
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of the common networking and routing protocols (e.g., TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.
- Knowledge of operating system administration.
- Basic knowledge of principles of operating systems and their architectures.
- Basic knowledge of command line and scripting.
- The participants will learn how to track and document cybersecurity defense incidents from initial detection through final resolution.
- Knowledge of incident response and handling methodologies.
- Knowledge of cyber threats and vulnerabilities.
- Understanding basic concepts and vocabulary of penetration testing.
- Ability to test your own infrastructure with free tools.
- Knowledge of the principles to secure digital evidence.
- Ability to analyze packet capture data.
- ENISA, Good Practice Guide for Incident Management. 2010.
- J. Kävrestad, Fundamentals of Digital Forensics: Theory, Methods, and Real-Life Applications, 2nd ed. Cham: Springer International Publishing, 2020.
- B. Nikkel, Practical Forensic Imaging: Securing Digital Evidence with Linux Tools, 1st ed. San Francisco: No Starch Press, 2016.
- R. Messier, Network Forensics. Indianapolis: Wiley, 2017.
- D. Regalado, A. Harper, S. Harris, R. Linn, C. Eagle, J. Ness, B. Spasojevic, and M. Baucom, Gray Hat Hacking: The Ethical Hacker's Handbook, 5th edition. USA: McGraw-Hill, 2018.
- Q: I have an issue with registration/logging in. Who can I contact?
A: In this case, please contact our edX administrator — firstname.lastname@example.org.
- Q: Do I need some sort of special equipment for passing the course?
A: No. You don't need any special equipment. You will just basically need a PC or a notebook with an internet connection for studying our course.
- Q: What's the difference between your course and other online courses that seem the same?
A: Besides the course's theoretical background (covered during its self-study part), it is primarily focused on practical tasks with hands-on exercises, a final assignment, and a one-day workshop.
- Q: I have some experience in the field that your course covers. I just need to study topics I am not experienced with. Can I just skip those parts of the course I already know?
A: The whole self-study part of the course is focused on your own learning process. It means you can study as fast or as slowly as suits you at the moment. The same applies to the content itself — our course allows you to study just the parts that are important to you. But it is crucial to accomplish all mandatory tasks to finish the course.
- Q: What are the conditions for successful completion of the course?
A: You need to accomplish the course's final assignment and be present at the workshop (which follows the self-study part of the course). The final assignment consists of two parts. They are connected to the workshop, so they are a crucial element of this course.
- Q: What if I find out that the course is not useful for me?
A: Of course, this can happen. In the first place, we recommend you contact the course administrator, who will try to help you in any way possible. If, even after that, you still feel that our course does not suit you, just stop studying and let us know.
Sub-project TN01000077/8 CSIRT BootCamp, implemented within the project TN01000077 The National Center of Competence for Cybersecurity, is carried out with the financial support of TA ČR.