Course Code: ISSC642 Course ID: 3872 Credit Hours: 3 Level: Graduate
This course examines the tenets of Intrusion Detection, Intrusion Prevention, and Incident Handling. Intrusion Detection focuses on the methods to detect attempts (attacks or intrusions) to compromise the confidentiality, integrity or availability of an information system. Also included is an analysis of the principles and practices of intrusion detection, intrusion prevention, and incident handling; network-based, host-based, and hybrid intrusion detection; identifying attack patterns; deployment of resources and responses to handle the incident, surveillance, damage assessment, risk assessment, data forensics, data mining, attack tracing, system recovery, and continuity of operation.
|Registration Dates||Course Dates||Session||Weeks|
|11/30/20 - 04/30/21||05/03/21 - 06/27/21||Spring 2021 Session I||8 Week session|
|12/28/20 - 06/04/21||06/07/21 - 08/01/21||Spring 2021 Session D||8 Week session|
|01/25/21 - 07/02/21||07/05/21 - 08/29/21||Summer 2021 Session B||8 Week session|
|02/22/21 - 07/30/21||08/02/21 - 09/26/21||Summer 2021 Session I||8 Week session|
|03/29/21 - 09/03/21||09/06/21 - 10/31/21||Summer 2021 Session D||8 Week session|
|04/26/21 - 10/01/21||10/04/21 - 11/28/21||Fall 2021 Session B||8 Week session|
After successfully completing this course, you will be able to:
- Examine the principles of intrusion detection and intrusion prevention.
- Evaluate the principles of incident handling & reporting.
- Compare and contrast network-based and host-based intrusion detection and intrusion protection systems.
- Assess the various detection and prevention tools, technology, and techniques.
- Explain the methods and techniques for recognizing and profiling attack patterns.
- Assess the application of data mining and artificial intelligence techniques in intrusion detection and prevention.
- Develop an incident response plan that incorporates attack tracing, evidence collection, and evidence analysis.
- Evaluate an intrusion detection system or intrusion prevention system.
For the purposes of this course, a “week” is defined as the time period between Monday–Sunday, for all weeks 1 to 8. The first week begins on the first day of the semester and ends at midnight the following Sunday.
Readings will be assigned throughout the course (Chapters 1-18).
Supplemental Reading assignments will be given from the above websites and additional resources.
Most weeks you will participate in a Forum activity. Each Forum activity will consist of one or more threads/topics. The questions are designed to allow you to apply the concepts you have learned in the chapter to real-world business scenarios or hypothetical, but realistic, situations. Please post your answers to the questions in each thread prior to 11:59 p.m. Eastern Time on Thursday. Although it is not required until Sunday, those that post by Thursday enable a real conversation in the classroom. Also, if I see you are short of any requirements it allows time for corrections. Your initial post must be a minimum of 250 words. Please do not be late with this post because your classmates will be relying on you to post on time to give them a post to respond to later in the week. The only exception to the Thursday deadline is week one of the course when your initial post will not be due until Sunday. Continue to read your classmates' posts and post at least one follow-up post to one of your classmates prior to 11:59 p.m. Eastern Time on Sunday. Your follow-up post must be a minimum of 150 words. Of course, you may always post more than the required number of replies and you are encouraged to continue participating in the discussion even after you have met the minimum number of posts required. Your follow-up posts must contain substance and should add additional insight to your classmates’ opinions or challenge their opinions. It is never sufficient to simply say, “I agree with what you wrote” or “Good post.” You must use your follow-up posts as a way to continue the discussion at a high level of thinking. Be sure to read the follow-up posts to your own posts and reply to any questions or requests for clarification, including questions posted by your professor. You will be expected to log into the classroom several times each week to participate in the class discussion. 
Forum postings are a large part of your grade and I will be looking for quality and depth in your postings.
Quizzes (under Assignments)
In two of the weeks, a quiz will be due by Sunday night, covering the previous week’s material and the previous week’s readings. The quizzes are open book, non-proctored, and timed. You may access each quiz as often as you want, but you may submit each quiz only once.
Idea / Research / Reflections Papers
These papers are to be in APA format. When referencing the page count, I mean actual written content (not the cover page and diagrams). It reflects information on a subject related to virtualization.
|Weekly Forum||40.00 %|
|Week 1 Forum||5.00 %|
|Week 2 Forum||5.00 %|
|Week 3 Forum||5.00 %|
|Week 4 Forum||5.00 %|
|Week 5 Forum||5.00 %|
|Week 6 Forum||5.00 %|
|Week 7 Forum||5.00 %|
|Week 8 Forum||5.00 %|
|Week 4 Idea Paper||10.00 %|
|Week 7 Research Paper||20.00 %|
|Week 8 Reflections Paper||10.00 %|
|Extra Credit Paper||2.00 %|
|Extra Credit||2.00 %|
In addition to the required course texts, the following public domain web sites are useful. Please abide by the university’s academic honesty policy when using Internet sources as well. Note web site addresses are subject to change.
Site Name- Handbook for Computer Security Incident Response Teams (CSIRTs) Moira J. West-Brown. Publisher: Carnegie-Mellon University, 2nd edition (April 2003)
Web Site URL/Address- www.sei.cmu.edu/pub/documents/03.reports/pdf/03hb002.pdf
Site Name- US-CERT: United States Computer Emergency Readiness Team (nd)
Web Site URL/Address- www.us-cert.gov/federal/
ISSC642 – Intrusion Detection and Incident Handling Article References*
The Tao of Network Security Monitoring: Beyond Intrusion Detection, by Richard Bejtlich. Publisher: Addison-Wesley Professional; 1st edition (July 22, 2004), ISBN-10: 0321246772.
Handbook for Computer Security Incident Response Teams (CSIRTs) Moira J. West-Brown. Publisher: Carnegie-Mellon University, 2nd edition (April 2003) www.sei.cmu.edu/pub/documents/03.reports/pdf/03hb002.pdf
US-CERT: United States Computer Emergency Readiness Team (nd). www.us-cert.gov/federal/
|Book Title:||Tao of Network Security Monitoring : Beyond Intrusion Detection|
|Electronic Unit Cost:||$35.00|
|Book Title:||REFERENCE ONLY- Information Security Fundamentals, 2nd edition-This text will be REQUIRED in ISSC661 and ISSC680. This text will be used as a reference only for the other courses in the ISSC program. E-book available in the APUS Online Library|
|Publication Info:||Auerbach Publications|
|Author:||Thomas R. Peltier|
Not current for future courses.