The course is offered to students of any study field.
The capacity limit for the course is 30 student(s).
Current registration and enrolment status: enrolled: 0/30, only registered: 0/30, only registered with preference (fields directly associated with the programme): 0/30
Course objectives (in Czech)
A graduate of this course shall be able to:
organize the establishment and operation of a CSIRT;
understand advanced concepts in the design, development, management and analysis of systems and tools used by a CSIRT;
select appropriate methods of security monitoring, analysis and digital forensics for a given application.
Syllabus (in Czech)
Cyber security in an organization (summary of the course Cyber security in an organization).
Establishing a CSIRT.
Structure of a CSIRT.
Network security monitoring and attacks.
Advanced methods of network traffic monitoring (packet and flow analysis - Wireshark, Flowmon).
Advanced analysis of complex attacks.
Advanced methods of detection and evidence of security threats using network traffic.
Alerts: Generating, Collecting, Sharing
Tools for digital forensic investigation (both commercial and open source).
Methods of digital forensics.
Forensic analysis of a simulated incident (analysis of data from heterogeneous sources).
M. J. West-Brown, et al. Handbook for Computer Security Incident Response Teams (CSIRTs). No. CMU/SEI-2003-HB-002. Carnegie-Mellon University Pittsburgh, 2003. http://www.cert.org/archive/pdf/csirt-handbook.pdf
K. Mell, P.: Guide to Intrusion Detection and Prevention Systems (IDPS). Recommendations of the National Institute of Standards and Technology, 2007.
Teaching methods (in Czech)
Lectures, 6 seminars, 6 assignments (homework) during the semester.
Assessment methods (in Czech)
Assignments during the semester (40 %), written exam (60 %).
Language of instruction
The course is taught annually.
The course is taught: every week.