Incidents Management in IT Systems
- Class 30
- Practice 30
- Independent work 120
Lecturers and associates
Obtaining knowledge needed for establishing the information security incident management system. Learning how to perform key activities in information security incident handling. Introduction to specific types of information security incidents and techniques for mitigating the associated risks. Introduction to the laws, norms and obligations related to security incident management and reporting in Croatia and abroad. Finally, introduction to the procedures of forensic evidence collection and analysis.
- Introduction and establishment of a CSIRT (introduction and overview of the course contents, terms and definitions, introduction to the establishment of a CSIRT).
- Establishment of a CSIRT (events and incidents, internal rules (policies, plans, procedures), types of teams and people in teams).
- Establishment of a CSIRT and prevention of incidents (dependencies within the organization, prevention and limitation of incidents).
- Incident Handling (IH) (1) - Introduction and detection (connection of IH with other processes in the organization, preparation for the occurrence of incidents, incident detection).
- Incident Handling (IH) (2) - Analysis and containment (analysis of incidents, triage, incident containment).
- Incident Handling (IH) (3) - Resolution (eradication of incidents, recovery, post-incident activity).
- Incident Handling (IH) (4) - Communication (coordination within and outside the organization, sharing information, reporting).
- Incident management in practice (useful tools and resources for managing incidents, practical experience from the financial industry).
- Laws, standards and guidelines (legal framework, international conventions, standards, guidelines, CCoP).
- Test cases (case analysis in groups, presentation of results, auditing other teams' analyses).
- Basic digital forensics (introduction to digital forensics, basic terms and definitions, basic procedures of digital forensics).
- Digital evidence and artifacts in digital forensics (what digital evidence and artifacts are, links with other areas of computer security, legal meaning of digital evidence and artifacts).
- Tools for digital forensics (features of digital forensics products, application of digital forensics tools and preparation of systems, verification and selection of tools).
- Anti-forensic procedures (methods and tools, traces of anti-forensic procedures, legal aspects).
- Development and future challenges of digital forensics (mobile and network forensics, preventive forensic procedures, computer forensics of the cloud).
Steve Anson: Applied Incident Response, Wiley, 2020.
National Institute of Standards and Technology, Computer Security Incident Handling Guide, NIST Special Publication 800-61 Revision 2, U.S. Department of Commerce, August 2012, http://csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf
European Network and Information Security Agency (ENISA), Good Practice Guide for Incident Management, 2010, http://www.enisa.europa.eu/activities/cert/support/incident-management/files/good-practice-guide-for-incident-management
National Institute of Standards and Technology, Guide for Cybersecurity Event Recovery, NIST Special Publication 800-184, December 2016, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-184.pdf
John Sammons: The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics, Second Edition, ISBN-13: 978-0128016350, ISBN-10: 0128016353
- Study program duration
- 4 semesters (2 years)
- Semester duration
- 15 weeks of active teaching + 5 examination weeks
- Total number of ects points
- Certifications obtained during studies
- IT SMF – ITIL Foundation
- Cisco CCNP
- struč.spec.ing.comp. (Professional Master of Computer Engineering with sub-specialization in Systems Engineering)
Minimal learning outcomes
- Justify basic reasons and procedures for constituting CSIRT as well as CSIRT’s operational activities.
- Apply regulatory requirements, standards and guidelines relevant for incident management.
- Administer basic incident detection and analysis procedures.
- Administer basic procedures for incident resolution and communication about incidents.
- Apply forensic analysis procedures.
Preferred learning outcomes
- Elucidate reasons and procedures for constituting CSIRT as well as CSIRT’s operational activities.
- Thoroughly apply regulatory requirements, standards and guidelines relevant for incident management.
- Thoroughly apply incident detection and analysis procedures.
- Thoroughly apply procedures for incident resolution and communication about incidents.
- Discuss each phase of forensic analysis.
Why is Algebra a safe choice for your future?
Here you will learn all about information technologies and prepare for a career that is constantly in demand. We offer you a platform for personal growth that makes you a prime target for employers.
We refuse to stand still in a rapidly changing world. Our programs stay relevant and keep up with modern trends.
We take pride in numerous accolades and our title of The best professional study program in Croatia and constantly strive to justify that trust. We do not take our task lightly, knowing that your future depends on it.