ISSC642 - Intrusion Detection and Incident Handling

Course Details

Course Code: ISSC642 Course ID: 3872 Credit Hours: 3 Level: Graduate

This course examines the tenets of Intrusion Detection, Intrusion Prevention, and Incident Handling. Intrusion Detection focuses on the methods to detect attempts (attacks or intrusions) to compromise the confidentiality, integrity or availability of an information system. Also included is an analysis of the principles and practices of intrusion detection, intrusion prevention, and incident handling; network-based, host-based, and hybrid intrusion detection; identifying attack patterns; deployment of resources and responses to handle the incident, surveillance, damage assessment, risk assessment, data forensics, data mining, attack tracing, system recovery, and continuity of operation.
Course Schedule

Registration Dates    | Course Dates        | Session                | Weeks
--------------------- | ------------------- | ---------------------- | --------------
04/29/19 - 10/04/19   | 10/07/19 - 12/01/19 | Fall 2019 Session B    | 8 Week session
05/27/19 - 11/01/19   | 11/04/19 - 12/29/19 | Fall 2019 Session I    | 8 Week session
06/24/19 - 11/29/19   | 12/02/19 - 01/26/20 | Fall 2019 Session D    | 8 Week session
07/29/19 - 01/03/20   | 01/06/20 - 03/01/20 | Winter 2020 Session B  | 8 Week session
08/26/19 - 01/31/20   | 02/03/20 - 03/29/20 | Winter 2020 Session I  | 8 Week session
09/30/19 - 02/28/20   | 03/02/20 - 04/26/20 | Winter 2020 Session D  | 8 Week session

Current Syllabi

After successfully completing this course, you will be able to:

  1. Examine the principles of intrusion detection and intrusion prevention.
  2. Evaluate the principles of incident handling & reporting.
  3. Compare and contrast network-based and host-based intrusion detection and intrusion protection systems.
  4. Assess the various detection and prevention tools, technology, and techniques.
  5. Explain the methods and techniques for recognizing and profiling attack patterns.
  6. Assess the application of data mining and artificial intelligence techniques in intrusion detection and prevention.
  7. Develop an incident response plan that incorporates attack tracing, evidence collection, and evidence analysis.
  8. Evaluate an intrusion detection system or intrusion prevention system.

For the purposes of this course, a "week" is defined as the period from Monday through Sunday, for all weeks 1 to 8. The first week begins on the first day of the semester and ends at midnight on the following Sunday.

Reading Assignments:

Readings will be assigned throughout the course (Chapters 1-18).

Supplemental Readings:

Supplemental reading assignments will be given from the web sites listed below and from additional resources.

Forums

Most weeks you will participate in a Forum activity. Each Forum activity will consist of one or more threads/topics. The questions are designed to allow you to apply the concepts you have learned in the chapter to real-world business scenarios or to hypothetical, but realistic, situations. Please post your answers to the questions in each thread prior to 11:59 p.m. Eastern Time on Thursday. Although the initial post is not required until Sunday, those who post by Thursday enable a real conversation in the classroom, and if I see you are short of any requirements it allows time for corrections. Your initial post must be a minimum of 250 words. Please do not be late with this post, because your classmates will be relying on you to post on time so that they have something to respond to later in the week. The only exception to the Thursday deadline is week one of the course, when your initial post will not be due until Sunday. Continue to read your classmates' posts and post at least one follow-up to one of your classmates prior to 11:59 p.m. Eastern Time on Sunday. Your follow-up post must be a minimum of 150 words. Of course, you may always post more than the required number of replies, and you are encouraged to continue participating in the discussion even after you have met the minimum. Your follow-up posts must contain substance and should add insight to your classmates' opinions or challenge them. It is never sufficient to simply say, "I agree with what you wrote" or "Good post." Use your follow-up posts to continue the discussion at a high level of thinking. Be sure to read the follow-up posts to your own posts and reply to any questions or requests for clarification, including questions posted by your professor. You will be expected to log into the classroom several times each week to participate in the class discussion.

Forum postings are a large part of your grade, and I will be looking for quality and depth in your postings.

Quizzes (under Assignments)

In two of the weeks there will be a quiz due by Sunday night, covering the material and readings from the preceding weeks. The quizzes are open book, non-proctored, and timed. You may open a quiz as often as you want, but you may submit each quiz only once.

Idea / Research / Reflections Papers

These papers are to be in APA format. The page count refers to actual written content (not the cover page or diagrams). The content should be on a subject related to virtualization.

Name                         Grade %
Weekly Forum                 40.00 %
    Week 1 Forum              5.00 %
    Week 2 Forum              5.00 %
    Week 3 Forum              5.00 %
    Week 4 Forum              5.00 %
    Week 5 Forum              5.00 %
    Week 6 Forum              5.00 %
    Week 7 Forum              5.00 %
    Week 8 Forum              5.00 %
Quizzes                      20.00 %
    Quiz #1                  10.00 %
    Quiz #2                  10.00 %
Papers                       40.00 %
    Week 4 Idea Paper        10.00 %
    Week 7 Research Paper    10.00 %
    Week 8 Reflections Paper 20.00 %
Extra Credit Paper            2.00 %
    Week 8 Extra Credit       2.00 %

Web Sites

In addition to the required course texts, the following public web sites are useful. Please abide by the university's academic honesty policy when using Internet sources as well. Note that web site addresses are subject to change.

Site Name: Handbook for Computer Security Incident Response Teams (CSIRTs), Moira J. West-Brown. Publisher: Carnegie-Mellon University, 2nd edition (April 2003)

Web Site URL/Address: www.sei.cmu.edu/pub/documents/03.reports/pdf/03hb002.pdf

Site Name: US-CERT: United States Computer Emergency Readiness Team (n.d.)

Web Site URL/Address: www.us-cert.gov/federal/

Selected Bibliography

ISSC642 - Intrusion Detection and Incident Handling Article References

The Tao of Network Security Monitoring: Beyond Intrusion Detection, by Richard Bejtlich. Publisher: Addison-Wesley Professional; 1st edition (July 22, 2004), ISBN-10: 0321246772.

Handbook for Computer Security Incident Response Teams (CSIRTs), Moira J. West-Brown. Publisher: Carnegie-Mellon University, 2nd edition (April 2003). www.sei.cmu.edu/pub/documents/03.reports/pdf/03hb002.pdf

US-CERT: United States Computer Emergency Readiness Team (n.d.). www.us-cert.gov/federal/

Book Title: The Tao of Network Security Monitoring: Beyond Intrusion Detection
ISBN: 9780321246776
Publication Info: Pearson
Author: Bejtlich, Richard
Unit Cost: $45.05

Book Title: REFERENCE ONLY - Information Security Fundamentals, 2nd edition. This text will be REQUIRED in ISSC661 and ISSC680; it is used as a reference only for the other courses in the ISSC program.
ISBN: 9781439810620
Publication Info: Auerbach Publications
Author: Thomas R. Peltier
Unit Cost: $79.95

Previous Syllabi

Not current for future courses.