PA211/01: each even Thursday 8:00–9:50 B117, T. Jirsík, D. Kouřil, M. Laštovička, M. Procházka, P. Velan
PA211/02: each odd Thursday 8:00–9:50 B117, T. Jirsík, D. Kouřil, M. Laštovička, M. Procházka, P. Velan
The course is offered to students of any study field.
The capacity limit for the course is 30 student(s).
Current registration and enrolment status: enrolled: 4/30, only registered: 0/30, only registered with preference (fields directly associated with the programme): 0/30
Course objectives (in Czech)
Graduate of this course shall be able to:
organize establishment and operation of a CSIRT;
understand advanced concepts in designing, developing, managing and analyzing of systems and tools used by a CSIRT;
select appropriate methods of security monitoring, analysis and digital forensics for a given application;
Syllabus (in Czech)
Cyber security in an organization (summary of the course Cyber security in an organization).
Establishing of a CSIRT.
Structure of a CSIRT.
Network security monitoring and attacks.
Advanced methods of network traffic monitoring (packet and flow analysis - Wireshark, Bro, FlowMon).
Advanced analysis of complex attacks (Bro Intelligence Module).
Advance methods of detection and evidence of security threats using network traffic.
Tools for digital forensic investigation (both commercial and open source).
Methods of digital forensics.
Forensic analysis of a simulated incident (analysis of data from heterogeneous sources).
M. J. West-Brown, et al. Handbook for Computer Security Incident Response Teams (CSIRTs). No. CMU/SEI-2003-HB-002. Carnegie-Mellon University Pittsburgh, 2003. http://www.cert.org/archive/pdf/csirt-handbook.pdf
K. Mell, P.: Guide to Intrusion Detection and Prevention Systems (IDPS). Recommendations of the National Institute of Standards and Technology, 2007.
Teaching methods (in Czech)
Lectures, 6 seminars, 6 assignments (homework) during the semester.
Assessment methods (in Czech)
Assignments during the semester (40 %), written exam (60 %).