Mar 28, 2024  
2021-2022 College Catalog [ARCHIVED CATALOG]

CIS 245 - Cyber Analytics, Detection, and Response

3 Credits, 4 Contact Hours
2 lecture periods, 2 lab periods

Knowledge and skills required to configure and use threat detection and monitoring tools, and to perform data analysis, vulnerability identification, and threat identification.

Prerequisite(s): CIS 225  
Information: This course may help in the preparation for the CompTIA CySA+ certification and examination.



Course Learning Outcomes
1. Implement a vulnerability management process and incorporate analysis of the scan results.

2. Develop a response plan based on evaluation of incident impact.

3. Prepare a toolkit with appropriate forensics tools and a communication plan.

4. Recommend remediation of security issues related to identity and access management.

5. Configure threat-detection tools.

6. Apply environmental reconnaissance techniques using appropriate tools.


Outline:
  1. Threat Management
    1. Practices used to secure a corporate environment
      1. Penetration testing
      2. Reverse engineering
      3. Training and exercises
      4. Risk evaluation
    2. Network threats
      1. Network segmentation
      2. Endpoint security
      3. System hardening
      4. Network access control
    3. Network reconnaissance
      1. Real-time data analysis
      2. Data correlation
      3. Logging
    4. Systems reconnaissance
      1. Service discovery
      2. Social engineering
      3. Topology discovery
  2. Vulnerability Management
    1. Vulnerability management process
      1. Asset discovery and inventory
      2. Scanning and reporting
      3. Remediation
    2. Common vulnerabilities
      1. Virtual infrastructure
      2. Servers
      3. Endpoints
      4. Mobile devices
      5. SCADA and ICS
  3. Cyber Incident Response
    1. Impact of incident
      1. Threat classification
      2. Data classification
      3. Severity and prioritization
    2. Forensic evaluation
      1. Physical forensics kits
      2. Investigation software
    3. Identifying an incident
      1. Network symptoms
      2. Host symptoms
      3. Application symptoms
    4. Post incident recovery
  4. Security Architecture and Tool Sets
    1. Common policies, controls, and procedures
      1. Regulatory frameworks
      2. Review of sample policy, controls, and procedures
      3. Verification and auditing
    2. Identity and access management
      1. Context-based authentication
      2. Endpoint repositories
      3. Federation and single sign-on


Effective Term:
Full Academic Year 2020/21