PV210 Cyber security in an organization

Faculty of Informatics
Autumn 2020

The course is not taught in Autumn 2020

Extent and Intensity
2/0/2. 3 credit(s) (plus extra credits for completion). Recommended Type of Completion: k (colloquium). Other types of completion: zk (examination).
Teacher(s)
doc. RNDr. Jan Vykopal, Ph.D. (lecturer)
doc. Ing. Pavel Čeleda, Ph.D. (lecturer)
RNDr. Martin Drašar, Ph.D. (lecturer)
RNDr. Daniel Kouřil, Ph.D. (lecturer)
RNDr. Michal Procházka, Ph.D. (lecturer)
RNDr. Petr Velan, Ph.D. (lecturer)
RNDr. Martin Laštovička, Ph.D. (assistant)
RNDr. Stanislav Špaček, Ph.D. (assistant)
RNDr. Valdemar Švábenský, Ph.D. (assistant)
Guaranteed by
doc. RNDr. Jan Vykopal, Ph.D.
Department of Computer Systems and Communications – Faculty of Informatics
Contact Person: doc. RNDr. Jan Vykopal, Ph.D.
Supplier department: Department of Computer Systems and Communications – Faculty of Informatics
Prerequisites
(( PV080 Inf. security and cryptography ) && ( PB156 Computer Networks || PV183 Computer Networks Technology ) &&( PV004 UNIX ) )|| SOUHLAS
Basic Linux experience at the level of PV004; concurrent enrolment in PV017 is recommended.
Course Enrolment Limitations
The course is also offered to the students of the fields other than those the course is directly associated with.
The capacity limit for the course is 60 student(s).
Current registration and enrolment status: enrolled: 0/60, only registered: 0/60, only registered with preference (fields directly associated with the programme): 0/60
fields of study / plans the course is directly associated with
There are 77 fields of study the course is directly associated with.
Course objectives
The general objective of the course is to introduce the services of a computer security incident response team (CSIRT) in an organization.
Learning outcomes
At the end of the course, students should be able to: understand the basic services of a CSIRT; use the basic tools of a CSIRT.
Syllabus
  • Computer Security Incident Response Team (CSIRT).
  • Basic services of a CSIRT.
  • Role of a CSIRT in an organization. Infrastructure of CSIRTs. Skills of a CSIRT employee.
  • Incident handling (incident taxonomy, processes, and best practices).
  • Penetration testing. Security awareness and education.
  • Introduction to network security and monitoring, legal issues.
  • Packet capture and analysis. Detection of operational issues and intrusions (PCAP, Wireshark).
  • Network flow acquisition, collection and analysis (NetFlow, IPFIX, NFDUMP).
  • Principles of network intrusion detection and prevention and their limits.
  • Introduction to digital forensic investigation.
  • Analysis of ongoing incident vs. post-mortem analysis.
  • Evidence collection and submission for police investigation.
  • Case study: CSIRT-MU, CESNET-CERTS, CSIRT.CZ, GovCERT.
Literature
  • M. J. West-Brown, et al. Handbook for Computer Security Incident Response Teams (CSIRTs). No. CMU/SEI-2003-HB-002. Carnegie-Mellon University Pittsburgh, 2003.
  • K. Scarfone, P. Mell. Guide to Intrusion Detection and Prevention Systems (IDPS). Recommendations of the National Institute of Standards and Technology, 2007.
Teaching methods
Lectures, 4 assignments (homework) during the semester.
Assessment methods
Assignments during the semester (30 %), written exam (70 %).
Language of instruction
Czech
Follow-Up Courses
Further Comments
The course is taught annually.
The course is taught: every week.
The course is also listed under the following terms Autumn 2008, Autumn 2009, Autumn 2010, Autumn 2011, Autumn 2012, Autumn 2013, Autumn 2014, Autumn 2015, Autumn 2016, Autumn 2017, Autumn 2018, Autumn 2019, Autumn 2021, Autumn 2022, Autumn 2023, Autumn 2024.
  • Permalink: https://is.muni.cz/course/fi/autumn2020/PV210