Course Objectives: |
Security Incident Management Course Description: The Security Incident Management course covers the processes of identifying, monitoring, analyzing, and responding to security incidents within information systems. This course teaches students the fundamentals of the incident management process, providing knowledge and skills on how to detect and manage security breaches. It also addresses topics such as incident reporting and evaluating outcomes. The course aims to equip students with practical experience through real-world scenarios and hands-on projects |
Course Content: |
Logging, Log management, information security, event management, Server Active Directory setup, Event Log: Log Policy settings, Active Directory Event Log: Log Analysis, SIEM: Installation of applications, Data collection and analysis operations, Data models and graphics, Cyber Incident Response Processes (SOME), SGOM, Data analysis applications, Case studies |
Course Learning Outcomes (CLOs) are those describing the knowledge, skills and competencies that students are expected to achieve upon successful completion of the course. In this context, Course Learning Outcomes defined for this course unit are as follows:
|
|
Knowledge
(Described as Theoritical and/or Factual Knowledge.)
|
1) Learns the concept of log.
|
Skills
(Describe as Cognitive and/or Practical Skills.)
|
1) Gains the ability to store logs on remote systems.
|
2) Can create alarm and reporting structures for critical logs.
|
3) Gains the skill of using Splunk application.
|
Competences
(Described as "Ability of the learner to apply knowledge and skills autonomously with responsibility", "Learning to learn"," Communication and social" and "Field specific" competences.)
|
1) Learns the steps to follow in case of an unexpected cyber incident (cyber attack).
|
Week |
Subject |
Materials Sharing * |
|
Related Preparation |
Further Study |
1) |
Basic concepts of logging and log management |
Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
|
|
2) |
Basic concepts of logging and log management |
Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
|
|
3) |
Log management in terms of standards |
Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
|
|
4) |
Information security and incident management |
Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
|
|
5) |
Windows Server Active Directory installation |
Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
|
|
6) |
Event Log: Log policy settings |
Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
|
|
7) |
Active Directory Event Log: Log analysis |
Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
|
|
8) |
Midterm |
|
|
9) |
SIEM: Installation of applications |
Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
|
|
10) |
Data collection and analysis operations |
Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
|
|
11) |
Data collection and analysis operations |
Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
|
|
12) |
Data models and graphics |
Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
|
|
13) |
Cyber incident response processes SOME, SGOM |
Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
|
|
14) |
Data analysis applications |
Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
|
|
15) |
Case studies |
Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
|
|
16) |
Final Exam |
|
|
Course Notes / Textbooks: |
Cenk Karaman, 2020; Log Kayıtları ve Analizi
|
References: |
Erdal Özkaya, 2020; Siber Güvenlik: Saldırı ve Savunma Stratejileri, Buzdağı Yayınevi
Joseph Muniz, Gary McIntyre, Nadhem AlFardan, 2015; Security Operations Center: Building, Operating, and Maintaining your SOC, Cisco Press
Anton Chuvakin , Kevin Schmidt , Chris Phillips, Logging and Log Management, Elsevier Science
David R. Miller, Shon Harris, Allen Harper, Stephen VanDyke, Chris Blask, 2010; Security Information and Event Management (SIEM) Implementation, McGraw-Hill Osborne Media
Gregory Jarpey and R. Scott McCoy (Auth.), 2017; Security Operations Center Guidebook. A Practical Guide for a Successful SOC, Butterworth-Heinemann
Ric Messier, 2019; CEH v10 Certified Ethical Hacker Study Guide, Sybex
Evren Pazoğlu, 2019; M.Nezir Yücesoy, Siber Güvenlik Operasyonları Merkezi, Gazi Kitabevi
|
(KPLOs and SPLOs are the abbreviations for Key & Sub- Programme Learning Outcomes, respectively. )
|
Programme Learning Outcomes |
Contribution Level (from 1 to 5) |
1) |
Explains the basic, theoretical and practical information in the field of information security technology. |
5 |
|
1.1 Defines the corporate cyber security rules and guidelines.
|
5 |
|
1.2 Information Security Creates procedure and control components |
5 |
|
1.3 Identify non-technological tools and methods against cyber attack. |
5 |
|
1.4 Identifies the methods and methods of technological methods against cyber attack. |
5 |
|
1.5 User training and security awareness describes the importance of cyberspace. |
5 |
|
1.6 Recall national and international legislation and regulations related to the field of Information Security Technology. |
1 |
|
1.7 Defines the fundamentals of programming and algorithm information. |
1 |
|
|
|
2) |
Know and analyze cyber assets in terms of information security. |
5 |
|
2.1 Lists the tasks and responsibilities required to identify and prevent any exploitation of hardware. |
5 |
|
2.2 Lists the tasks and responsibilities required to identify and prevent any abuse that may occur in software components. |
5 |
|
2.3 Lists the tasks and responsibilities required to identify and prevent any abuse that may occur in local area networks. |
5 |
|
|
|
3) |
Experience the cyber security risk management system. |
5 |
|
3.1 Follow the patches of information technology systems published against known cyber security gaps. |
5 |
|
3.2 Explains the importance of authorizing users as much as they can. |
5 |
|
3.3 Explains the necessary policies and processes for effective event management. |
5 |
|
3.4 Explains the importance of monitoring the cyber systems for the correct structuring of the powers, the realization of the realized, failed or failed cyber attacks, the timely response to the protection and the fulfillment of the legal requirements. |
5 |
4) |
Applies the theoretical knowledge learned in business life for a semester. |
1 |
|
4.1 Experiences all processes in business life. |
1 |
|
4.2 Takes part in activities related to the field of education in a business operating in the field. |
1 |
|
4.3 Questions the application with theoretical knowledge. |
3 |
|
4.4 Compiles the knowledge and experience gained in the field. |
1 |
5) |
Acquires the competencies defined as the institutional outcomes of Beykoz University on the basic level, inline with the expectations of business world and the society. |
2 |
|
5.1 Acquires competency of analyzing and solving the problems. |
2 |
|
5.2 Has awareness for ethical and social responsibility. |
2 |
|
5.3 Takes responsibility as a team member in works and operations of his/her field. |
2 |
|
5.4 Is aware of written, verbal communication and interaction. |
1 |
|
5.5 Follows the developments of advanced technology and digital transformation. |
3 |
|
5.6 Acquires the awareness for lifelong learning. |
1 |
|
5.7 Has awareness about citizenship competency. |
1 |
|
5.8 Evaluates the developments of his/her field with the understanding of an entrepreneur. |
2 |
|
5.9 Acquires communication in a Foreign Language (English) competence defined on the level of at least A2 in European Language Portfolio. (In programs whose medium of instruction is English, on the level of B1). |
1 |
|
|
|
WORKLOAD OF TEACHING & LEARNING ACTIVITIES |
Teaching & Learning Activities |
# of Activities per semester |
Duration (hour) |
Total Workload |
Course |
14 |
2 |
28 |
Laboratory |
0 |
0 |
0 |
Application |
0 |
0 |
0 |
Special Course Internship (Work Placement) |
0 |
0 |
0 |
Field Work |
0 |
0 |
0 |
Study Hours Out of Class |
0 |
0 |
0 |
Presentations / Seminar |
0 |
0 |
0 |
Project |
0 |
0 |
0 |
Homework Assignments |
1 |
5 |
5 |
Total Workload of Teaching & Learning Activities |
- |
- |
33 |
WORKLOAD OF ASSESMENT & EVALUATION ACTIVITIES |
Assesment & Evaluation Activities |
# of Activities per semester |
Duration (hour) |
Total Workload |
Quizzes |
2 |
10 |
20 |
Midterms |
1 |
10 |
10 |
Semester Final Exam |
1 |
10 |
10 |
Total Workload of Assesment & Evaluation Activities |
- |
- |
40 |
TOTAL WORKLOAD (Teaching & Learning + Assesment & Evaluation Activities) |
73 |
ECTS CREDITS OF THE COURSE (Total Workload/25.5 h) |
3 |