Dec 09, 2024  
2023-2024 College Catalog 
    
2023-2024 College Catalog [ARCHIVED CATALOG]

CIS 245 - Cyber Defense

3 Credits, 4 Contact Hours
2 lecture periods 2 lab periods

Knowledge and skills required to configure and use threat detection and monitoring tools, data analysis, vulnerability identification, and threats identification.

Prerequisite(s): CIS 225  and CIS 228  
Information: This course may help in the preparation for the Comp TIA CySA+ certification and examination.
Gen-Ed: Meets AGEC Options requirement; Meets CTE - Options requirement



Button linking to AZ Transfer course equivalency guide    button image Prior Learning and link to PLA webpage

Course Learning Outcomes
  1. Implement a vulnerability management process and incorporate analysis of the results of the scan.
  2. Explain the circumstances under which a vulnerability must be disclosed.
  3. Develop a response plan based on evaluation of incident impact.
  4. Prepare a toolkit with appropriate forensics tools and communication plan.
  5.  Recommend remediation of security issues related to identity and access management.
  6. Configure threat-detection tools.
  7. Apply environmental reconnaissance techniques using appropriate tools.

Outline:
  1. Threat Management
    1. Practices used to secure a corporate environment
      1. Penetration testing
      2. Reverse engineering
      3. Training and exercises
      4. Risk evaluation
    2. Network threats
      1. Network segmentation
      2. Endpoint security
      3. System hardening
      4. Network access control
    3. Network reconnaissance
      1. Real-time data analysis
      2. Data correlation
      3. Logging
    4. Systems reconnaissance
      1. Service discovery
      2. Social engineering
      3. Topology discovery
  2. Vulnerability Management
    1. Vulnerability management process
      1. Asset discovery and inventory
      2. Scanning and reporting
      3. Remediation
    2. Common vulnerabilities
      1. Virtual infrastructure
      2. Servers
      3. Endpoints
      4. Mobile devices
      5. SCADA and ICS
  3. Cyber Incident Response
    1. Impact of incident
      1. Threat classification
      2. Data classification
      3. Severity and prioritization
    2. Forensic evaluation
      1. Physical forensics kits
      2. Investigation software
    3. Identifying an incident
      1. Network symptoms
      2. Host symptoms
      3. Application symptoms
    4. Post incident recovery
  4. Security Architecture and Tool Sets
    1. Common policies, controls, and procedures
      1. Regulatory frameworks
      2. Review of sample policy, controls, and procedures
      3. Verification and auditing
    2. Identity and access management
      1. Context-based authentication
      2. Endpoint repositories
      3. Federation and single sign-on


Effective Term:
Fall 2023