Cybersecurity Operations 1000-2M24OC
1. Introduction to practical security. Types of security teams, Security Operations setup and tooling.
2. Data for Security Operations, log management.
3. Cybersecurity analysis methodologies, alert triage, threat detections, threat hunting.
4. Incident response: tooling, processes, planning.
5. Automating security incident analysis and resolution.
6. Vulnerability management processes and tools.
7. Cybersecurity risk management.
8. Email and messaging security.
9. Red teaming, purple teaming, threat emulation.
Type of course
Prerequisites (description)
Course coordinators
Learning outcomes
Knowledge
• The student knows and understands how SOC works
• The student knows and understands the relationship between SOC and other departments of the company
• The student knows and understands the ways of optimizing and automating the work of a cybersecurity analyst or incident responder
• The student knows and understands the risk topic in the field of cybersecurity
• The student knows and understands the issues of vulnerability management
Skills
• The student is able to optimize and improve the operation of the SOC
• The student is able to assess and automate the tasks of the SOC analyst to a basic degree
• The student is able to work as a junior VM engineer and has the necessary knowledge about vulnerability management
Competencies
• The student is ready to work as a junior in SOC environment
• The student is ready to help society in preventing cybersecurity threats
Assessment criteria
The final test and final project will be taken into account to calculate the final grade (both grades have to be positive):
Test: percentage of proper answers, then mapped to a mark,
Project: assessment of project scope, complexity and the student's own input.
The final grade will be determined on the basis of the average of both grades (test and project).
Bibliography
NIST Computer Security Incident Handling guide: https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-61r2.pdf
NIST Guide to Enterprise Patch Management Planning: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-40r4.pdf
Microsoft Incident Response Reference guide: https://info.microsoft.com/rs/157-GQE-382/images/EN-US-CNTNT-emergency-doc-digital.pdf
Elastic stack documentation: https://www.elastic.co/guide/index.html
ATT&CK MITRE framework: https://attack.mitre.org/
Additional information
Information on the level of this course, the year of study and semester in which the course unit is delivered, and the types and amount of class hours can be found in the course structure diagrams of the appropriate study programmes. This course is related to the following study programmes:
- Bachelor's degree, first cycle programme, Computer Science
- Master's degree, second cycle programme, Computer Science
Additional information (registration calendar, class conductors, localization and schedules of classes), might be available in the USOSweb system: