Version: 3/20/2019
Additional Course Information
Topical Outline: Each offering of this course must include the following topics (be sure to include information regarding lab,
practicum, and clinical or other non-lecture instruction).
Planning for Organizational Readiness
Incident Response Team Structure
Incident Response Planning
Incident Response: Detection and Decision Making (DoS, Malicious Code, Unauthorized Access,
Detection and Analysis
Response Strategies: Containment, Eradication and Recovery
Post-incident Activity
Disaster Recovery
Online Tools and Resources
Crisis Handling Steps
Federal Agency Incident Reporting
Course Learning Outcomes:
Learning Outcomes – Upon successful completion of this course, students will:
1. Identify sources of attacks;
2. Restore the system to normal operation;
3. Identify and prevent security threats;
4. Perform a postmortem analysis;
5. Identify computer investigation issues;
6. Identify the roles and responsibility of the incident response team.
Methods of Assessment:
All outcomes will be assessed by one or more of the following:
* Individual Projects
* Group Projects
* Lab Assignments
* Tests and Quizzes
* Final Exam
Required text(s), optional text(s) and/or materials to be supplied by the student:
NIST Special Publication 800-61 Revision 1: Computer Security Incident Handling Guide, 2012, Computer Security
Division, NIST, Gaithersburg, MD, Emmanuel Aroms and
Principles of Incident Response and Disaster Recovery, 2nd Edition, Michael E. Whitman, Herbert Mattord, and Andrew Green,
Cengage, 2014, ISBN 978-1111138059
or current textbook on the topic.
Suggested Course Maximum:
20
List any specific or physical requirements beyond a typical classroom required to teach the
course.
Access to netlab