|
Overview:
Pre-Requisites:
Start here!:
|
Attendance:There is no physical classroom for this course. To check attendance you are to complete the Syllabus quiz by the assigned due date. Please read the syllabus prior to taking the quiz. If you fail to complete the quiz prior to the indicated due date you will be counted as "not attending," which may affect any financial aid you may be receiving.
BSIT CurriculumHere's the new curriculum (2016) for our BS in IT degree at Daytona State College.
This course is taught at Daytona State College as part of the Engineering Technology program. |
Why learn Incident Response?
Do your future plans involve working in IT? I'm assuming they are, as this course is geared toward students who will work in some area of IT, whether as a network, systems, or security administrator, or even management. The following is a description of an 'incident' from the NIST Incident Response Guide:
"In general, an incident is a violation of computer security policies, acceptable use policies, or standard computer security practices. Examples of incidents are—
"Incidents" occur on a daily basis at every organization. "Perpetrators" of incidents can range from the disgruntled employee, to nation states. Consequences of incidents range from the banal (Suzy looked at Timmy's document) to intellectual property theft to online business/organizations unable to function.
So why learn incident response? Because if you are to work as a network/systems/security administrator you WILL encounter them. Don't wait to learn 'on-the-job,' learn here in a nice, cozy, protected environment, where you can make mistakes, learn from them, and NOT GET FIRED. :)
If this is the first time reading this page make sure you read the ENTIRE page first! Then you can jump into the downloads below. Major Topics Covered in This Course
|
Course Outcomes
By the end of this course the successful student will be able to:
1. Students will be able identify INFOSEC principles, various types of incidents, investigative steps, and possible outcomes. 2. Students will be able to perform analysis of real malware, including static and dynamic analysis. 3. Students will be able to recover volatile information from a running computer. 4. Students will be able to describe steganography, identify a stego file, and recover the hidden message. 5. Students will be able to identify procedures used in network forensics, identify major components of TCP/IP, and use a network monitoring tool (Wireshark) to identify normal and abnormal traffic (syn scans, password guessing, downloading of protected intellectual property, SQL injection, buffer overflow). 6. Students will be able to identify differences between network intrusion detection systems, and host-based intrusion detection systems, including identifying the structure and configuration of the latter. 7. Students will be able to identify the uses and various levels of interaction involved in the deployment and analysis of a honeypot. 8. Students will perform an incident response on a live system, including gathering and analyzing evidence from log files, emails, system configuration files, and 'employee' directories. Textbooks
All required readings will be provided. Readings include governmental publications, the professor’s published work in the related topics, and web readings. The two major readings will be:
These are free publications that I’ve uploaded on the website. There are additional readings as well.
Readings are normally available in PDF format. If you don’t have a PDF reader, I suggest you download Foxit Reader (free for Windows). You can download Foxit Reader at: http://www.foxitsoftware.com/pdf/reader/
|
Course LecturesClick here to view All Course Lectures
Course lectures are usually 10-30 minutes long, and are in MP4 format. More information is available or individual lectures in the link above.
I suggest you save each lecture to your hard drive so you may access it anytime. Pause when you need to. Replay when you need to. Have you ever tried doing that in a 'live' class? Maybe a couple of times, but now YOU are in control.
Also, an analogy: I bought Tiger Woods' book on golf. Read the whole thing cover to cover. Now I can play golf just like Tiger. Nope. Have to practice, again and again and again. Same thing goes for this class. Can't learn Linux by just watching a lecture. You MUST practice, as much as possible. I highly suggest that while watching the video you have your Linux virtual machine running. Pause the video when I run a command. Run the command, see what it does. Start the video, and repeat.
You may ask: "Why are your videos so much shorter than a regular class?" Have you ever seen a recording of a regular class? Most of it is 'dead space,' nothing being said, idle chit chat, etc. My lectures are intentionally 'dense' with material. Take a 1.5 hour lecture, remove extraneous information, pauses, chit chat, dead space, and voila -- a condensed version that is 10-30 minutes. The 'Cliff Notes' of lectures (you young people may have to Google that).
It takes more time to edit my videos than record them. The condensed version allows you use YOUR time more wisely. There's no sense in doing it any other way. You're welcome. :)
|
Certificate in Cybersecurity and Cyberforensics
If you are in the BSIT program then this is a great opportunity for you to earn the new Cybersecurity and Cyberforensics certiciate. Here's the link that explains more.
http://cybercertificate.pbworks.com
|