
Threat management and incident response

  • Class 30
  • Practice 30
  • Independent work 90
Total 150

Course title

Threat management and incident response

Lecture type

Elective

Course code

21-02-548

Semester

1

ECTS

5

Lecturers and associates

Course overview

This module is designed and developed in collaboration with cybersecurity and threat intelligence experts across the globe to help organizations identify and mitigate business risks by converting unknown internal and external threats into known threats.

This is a comprehensive programme in which students learn structured approaches to building effective threat intelligence.

Students will learn about:
  • Key issues plaguing the information security world
  • The importance of threat intelligence in risk management, SIEM, and incident response
  • Various types of cyber threats, threat actors and their motives, and the goals and objectives of cybersecurity attacks
  • The steps involved in planning an incident handling and response program
  • Fundamentals of incident management, including the signs and costs of an incident
  • Cyber kill chain methodology, the Advanced Persistent Threat (APT) lifecycle, Tactics, Techniques, and Procedures (TTPs), Indicators of Compromise (IoCs), and the pyramid of pain
  • Different types of data feeds, sources, and data collection methods
  • Threat intelligence data collection and acquisition through Open Source Intelligence (OSINT), Human Intelligence (HUMINT), Cyber Counterintelligence (CCI), Indicators of Compromise (IoCs), and malware analysis
  • Creating effective threat intelligence reports
  • Different data analysis, threat modeling, and threat intelligence tools
  • Skills in handling different types of cybersecurity incidents
  • Applying the right techniques to different types of cybersecurity incidents in a systematic manner, including malware incidents, email security incidents, network security incidents, web application security incidents, cloud security incidents, and insider threat-related incidents

This module enables students to recognise threats and to deal with incidents in enterprise environments.

Literature

Essential reading:
1. Palacín, V. (2021). Practical Threat Intelligence and Data-Driven Threat Hunting. Birmingham: Packt.
2. Anson, S. (2020). Applied Incident Response. New York: John Wiley and Sons.

Recommended reading:
1. Taurins, E. (2020). How to set up CSIRT and SOC. [s.l.]: ENISA.
2. Cichonski, P. et al. (2012). Computer Security Incident Handling Guide. [s.l.]: NIST.

Further reading:
1. [Anon.] (2010). Good Practice Guide for Incident Management. [s.l.]: ENISA.
2. Bartock, M. et al. (2016). SP 800-184, Guide for Cybersecurity Event Recovery. [s.l.]: NIST.

Minimal learning outcomes

  • Explain the concepts of threat management and relate them to the stages of an attack
  • Evaluate different methods of data collection and processing
  • Apply threat assessment techniques and risk mitigation procedures
  • Assess different cyber security threats, attack vectors, actors and their motives and goals
  • Explain the concepts of incident management
  • Evaluate various best practices, standards, cyber security frameworks, laws, acts and regulations in dealing with incidents

Preferred learning outcomes

  • Evaluate the concepts of threat management
  • Design a solution for data collection and processing
  • Design a threat assessment solution
  • Evaluate different cyber security threats, attack vectors, actors and their goals
  • Design a solution for incident response
  • Valorise various best practices, standards, cyber security frameworks, laws, acts and regulations in dealing with incidents