Security Operations and Incidence Response

Average Workload

5.4 hrs/wk

Average Difficulty

2.0 /5

Average Overall

4.1 /5
CS-8803-OC1
Security Operations and Incidence Response
Taken Fall 2021
Reviewed on 12/23/2021
Legacy
Workload: 8 hr/wk
Difficulty: Easy
Overall: Liked

Overall, this was a solid course, probably the most job-applicable learning that I've had in the program so far.

Grades are based on current event discussions, case studies, projects, and a final group project:

  • There are 5 current event discussions totaling 10% of the grade. Each member in a small group picks a current event and the group discusses it. Participate and provide 3 well-thought-out responses, and this is an easy grade boost.
  • 9 case studies - readings and lectures are provided on various incidents along with questions. Respond to the questions in a 500-word short response; each of these took about an hour or so, including watching the lectures and reading related articles.
  • 4 projects - I'll provide more on these below.
  • Group project - investigate an incident within a group; you have to provide a couple of status updates, and how you do here will likely depend on how your group is constructed and everyone contributing to the effort. This one was a lot of work, but very rewarding.

More on the 4 individual projects:

  • Project 1 - IR Plan - Develop an incident response plan for a web server compromise. Not particularly difficult, but make sure that you include everything requested and that you cite any materials used (numerous students got hit with OSI violations for copy/pasting parts of other IR plans).
  • Project 2 - Web server compromise investigation - a more straightforward investigation regarding a web server compromise. You use Splunk to investigate and develop an IR report based on a provided template.
  • Project 3 - Phishing investigation - similar to the web server compromise investigation, you investigate to determine if an email is phishing and who may be impacted. This also adds on an investigation log (tracking all of the actions taken as an investigator).
  • Project 4 - IDS Signatures - develop Snort rules to detect various types of attack traffic. Read the relevant documentation and figure out how to apply it; there is also a chance for extra credit on this project. Probably the quickest of the set of projects.