Programs

System Engineering

Incidents Management in IT Systems

  • Class 30
  • Practice 30
  • Independent work 120
Total 180

Course title

Incidents Management in IT Systems

Lecture type

Obligatory

Course code

12235

Semester

1

ECTS

6

Lecturers and associates

Course objectives

Obtaining knowledge needed for establishing the information security incident management system. Learning how to perform key activities in information security incident handling. Introduction to specific types of information security incidents and techniques for mitigating the associated risks. Introduction to the laws, norms and obligations related to security incident management and reporting in Croatia and abroad. Finally, introduction to the procedures of forensic evidence collection and analysis.

Content

  • Introduction and establishment of CSIRT (introduction and overview of the course contents, terms and definitions, introduction to the establishment of a CSIRT).
  • Establishment of CSIRT (events and incidents, internal rules (policies, plans, procedures), types of teams and people in teams).
  • Establishment of CSIRT and prevention of incidents (dependencies within the organization, prevention and limitation of accidents).
  • Incident Handling (IH) (1) - Introduction and detection (connection of IH with other processes in the organization, preparation for the occurrence of incidents, incident detection).
  • Incident Handling (IH) (2) - Analysis and containment (analysis of incidents, triage, incident containment).
  • Incident Handling (IH) (3) - Resolution (eradication of incidents, recovery, post-activity).
  • Incident Handling (IH) (4) - Communication (coordination within and outside the organization, sharing information, reporting).
  • Incident management in practice (useful tools and resources to manage incidents, practical experience from the financial industry).
  • The laws, standards and guidelines (legal framework, international conventions, standards, guidelines, CCoP).
  • Test cases (case analysis (in-group), presentation of results, auditing other teams’ analyses).
  • Basic digital forensics (introduction to digital forensics, basic terms and definitions, basic procedures of digital forensics).
  • Digital evidence and artifacts in digital forensics (what digital evidence and artifacts are, links with other areas of computer security, legal meaning of digital evidence and artifacts).
  • Tools for digital forensics (features of digital forensics products, applications of digital forensics tools and preparation of systems, verification and selection of tools).
  • Anti-forensic procedures (methods and tools, traces of anti-forensic procedures, legal aspects).
  • The development and future challenges of digital forensics (mobile and network forensics, preventive forensic procedures, computer forensics of the cloud).

Required reading

Steve Anson: Applied Incident Response, Wiley, 2020.

Additional reading

National Institute of Standards and Technology, Computer Security Incident Handling Guide, NIST Special Publication 800-61, U.S. Department of Commerce, August 2012, http://csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf

European Network and Information Security Agency (ENISA), Good Practice Guide for Incident Management, 2010, http://www.enisa.europa.eu/activities/cert/support/incident-management/files/good-practice-guide-for-incident-management

National Institute of Standards and Technology, Guide for Cybersecurity Event Recovery, Special Publication 800-184, December 2016, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-184.pdf

John Sammons: The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics, 2nd Edition, ISBN-13: 978-0128016350, ISBN-10: 0128016353

Minimal learning outcomes

  • Justify basic reasons and procedures for constituting CSIRT as well as CSIRT’s operational activities.
  • Apply regulatory requirements, standards and guidelines relevant for incident management.
  • Administer basic incident detection and analysis procedures.
  • Administer basic procedures for incident resolution and communication about incidents.
  • Apply forensic analysis procedures.

Preferred learning outcomes

  • Elucidate reasons and procedures for constituting CSIRT as well as CSIRT’s operational activities.
  • Thoroughly apply regulatory requirements, standards and guidelines relevant for incident management.
  • Thoroughly apply incident detection and analysis procedures.
  • Thoroughly apply procedures for incident resolution and communication about incidents.
  • Discuss each phase of Forensic analysis