Threat management and incident response
- Predavanje 30
- Vježbe 30
- Samostalni rad 90
Naziv predmeta
Threat management and incident response
Tip predmeta
Elective
Oznaka predmeta
22-02-548
Semestar
1
ECTS
5
Nastavnici i suradnici
Sadržaj i cilj
This module is designed and developed in collaboration with cybersecurity and threat intelligence experts across the globe to support organizations identify and mitigate business risks by converting unknown internal and external threats into known threats.
This is a comprehensive programme where students learn structured approaches for building effective threat intelligence.
Students will learn about:
Key issues plaguing the information security world
Importance of threat intelligence in risk management, SIEM, and incident response
Various types of cyber This module is designed and developed in collaboration with cybersecurity and threat intelligence experts across the globe to support organizations identify and mitigate business risks by converting unknown internal and external threats into known threats.
This is a comprehensive programme where students learn structured approaches for building effective threat intelligence.
Students will learn about:
• Key issues plaguing the information security world
• Importance of threat intelligence in risk management, SIEM, and incident response
• Various types of cyber threats, threat actors and their motives, goals, and objectives of cybersecurity attacks
• Decode the various steps involved in planning an incident handling and response program
• Fundamentals of incident management including the signs and costs of an incident
• Cyber kill chain methodology, Advanced Persistent Threat (APT) lifecycle, Tactics, Techniques, and Procedures (TTPs), Indicators of Compromise (IoCs), and pyramid of pain
• Different types of data feeds, sources, and data collection methods
• Threat intelligence data collection and acquisition through Open Source Intelligence (OSINT), Human Intelligence (HUMINT), Cyber Counterintelligence (CCI), Indicators of Compromise (IoCs), and malware analysis
• Creating effective threat intelligence reports
• Different data analysis, threat modeling, and threat intelligence tools
• Skills in handling different types of cybersecurity incidents
• Apply the right techniques to different types of cybersecurity incidents in a systematic manner including malware incidents, email security incidents, network security incidents, web application security incidents, cloud security incidents, and insider threat-related incidents
This module enables students to recognise threats and how to deal with incidents in enterprise environments.
threats, threat actors and their motives, goals, and objectives of cybersecurity attacks
Decode the various steps involved in planning an incident handling and response program
Fundamentals of incident management including the signs and costs of an incident
Cyber kill chain methodology, Advanced Persistent Threat (APT) lifecycle, Tactics, Techniques, and Procedures (TTPs), Indicators of Compromise (IoCs), and pyramid of pain
Different types of data feeds, sources, and data collection methods
Threat intelligence data collection and acquisition through Open Source Intelligence (OSINT), Human Intelligence (HUMINT), Cyber Counterintelligence (CCI), Indicators of Compromise (IoCs), and malware analysis
Creating effective threat intelligence reports
Different data analysis, threat modeling, and threat intelligence tools
Skills in handling different types of cybersecurity incidents
Apply the right techniques to different types of cybersecurity incidents in a systematic manner including malware incidents, email security incidents, network security incidents, web application security incidents, cloud security incidents, and insider threat-related incidents
This module enables students to recognise threats and how to deal with incidents in enterprise environments.
Literatura
Essential reading:
1. Palacín, V. (2021). Practical Threat Intelligence and Data-Driven Threat Hunting, Birmingham: Packt.
2. Anson, S., (2020). Applied Incident Response. New York: John Wiley and Sons.
Recommended reading:
1. Taurins, E. (2020). How to set up CSIRT and SOC. [s.l.]: ENISA.
2. Cichonski, P. et al. (2012). Computer Security Incident Handling Guide, [s.l.]: NIST.
Further reading:
1. [Anon.] (2010). Good Practice Guide for Incident Management. [s.l.]: ENISA.
2. Bartock, M. et al. (2016). SP 800-184, Guide for Cybersecurity Event Recovery, [s.l.]: NIST
Professional Master in Computer Engineering, sub-specialization in Software Engineering
Minimalni ishodi učenja
- Objasniti pojmove upravljanja prijetnjama i povezati ih s fazama napada.
- Procijeniti različite metode prikupljanja i obrade podataka.
- Primijeniti tehnike procjene prijetnji i postupke ublažavanja rizika.
- Odrediti različite prijetnje kibernetičkoj sigurnosti, vektore napada, izvršitelje te njihove motive i ciljeve.
- Objasniti pojmove upravljanja sigurnosnim incidentima.
- Ocijeniti različite primjere dobre prakse, standarde, okvire za kibernetičku sigurnost, zakone, akte i propise u rješavanju sigurnosnih incidenata.
Željeni ishodi učenja
- Procijeniti pojmove upravljanja prijetnjama.
- Osmisliti rješenja za prikupljanje i obradu podataka.
- Osmisliti rješenje za procjenu prijetnji.
- Ocijeniti različite prijetnje kibernetičkoj sigurnosti, vektore napada, izvršitelje i njihove ciljeve.
- Osmisliti rješenja za odgovore na sigurnosne incidente.
- Vrednovati različite primjere dobre prakse, standarde, okvire za kibernetičku sigurnost, zakone, akte i propise u rješavanju sigurnosnih incidenata.