PV210 Cybersecurity in an Organization

Faculty of Informatics
Autumn 2024
Extent and Intensity
2/0/2. 3 credit(s) (plus extra credits for completion). Type of Completion: k (colloquium).
In-person direct teaching
Teacher(s)
doc. RNDr. Jan Vykopal, Ph.D. (lecturer)
RNDr. Martin Laštovička, Ph.D. (lecturer)
doc. Ing. Pavel Čeleda, Ph.D. (lecturer)
Guaranteed by
doc. RNDr. Jan Vykopal, Ph.D.
Department of Computer Systems and Communications – Faculty of Informatics
Contact Person: doc. RNDr. Jan Vykopal, Ph.D.
Supplier department: Department of Computer Systems and Communications – Faculty of Informatics
Timetable
Thu 26. 9. to Thu 12. 12. Thu 10:00–11:50 D3; and Thu 19. 12. 10:00–11:50 A318
Prerequisites (in Czech)
PV080 Inf. security and cryptography
Course Enrolment Limitations
The course is also offered to the students of the fields other than those the course is directly associated with.
The capacity limit for the course is 60 student(s).
Current registration and enrolment status: enrolled: 39/60, only registered: 2/60, only registered with preference (fields directly associated with the programme): 2/60
fields of study / plans the course is directly associated with
Course objectives
The general objective of the course is to introduce the role and services of a Computer Security Incident Response Team (CSIRT) in an organization. The course covers specific knowledge and skills required for the work role of Incident Response as defined by the NICE Cybersecurity Workforce Framework (see https://niccs.cisa.gov/workforce-development/nice-framework/work-role/incident-response).
Learning outcomes
At the end of the course, a student should be able to:
  • understand the role and basic services of a CSIRT;
  • perform cyber defense incident triage;
  • track and document cyber defense incidents from initial detection through final resolution;
  • coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents;
  • coordinate incident response functions;
  • write and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies;
  • collect intrusion artifacts and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise;
  • monitor external data sources to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise;
  • Syllabus
    • Computer Security Incident Response Team (CSIRT) and its role.
    • Recognizing and categorizing types of vulnerabilities and associated attacks.
    • Incident handling phases.
    • Attack detection.
    • Security advisories.
    • Attack defense and impact.
    • Cyber defense and information security policies, procedures, and regulations.
    • Legal aspects.
    • Table-top exercises on topics covered in the semester.
    Literature
    • FIRST CSIRT Services Framework. 2019. URL: https://www.first.org/standards/frameworks/csirts/csirt_services_framework_v2.1.
    • ENISA. Good Practice Guide for Incident Management. 2010. URL: https://www.enisa.europa.eu/publications/good-practice-guide-for-incident-management.
    Teaching methods
    Interactive classes, homework assignments, tabletop exercises during the semester and at the end of the course.
    Assessment methods
    Homework assignments during the semester, active participation in table-top exercises.
    Language of instruction
    Czech
    Further comments (probably available only in Czech)
    Study Materials
    The course is taught annually.
    Teacher's information
    The course is taught in Czech. All material and assignments will be provided primarily in English.
    The course is also listed under the following terms Autumn 2008, Autumn 2009, Autumn 2010, Autumn 2011, Autumn 2012, Autumn 2013, Autumn 2014, Autumn 2015, Autumn 2016, Autumn 2017, Autumn 2018, Autumn 2019, Autumn 2021, Autumn 2022, Autumn 2023.
    • Enrolment Statistics (recent)
    • Permalink: https://is.muni.cz/course/fi/autumn2024/PV210