ITSY 2330 0350 - INTRUSION DETECTION

Introduction

Get help using 'Introduction'

Syllabus

NORTH CENTRAL TEXAS COLLEGE

COURSE SYLLABUS

 

The North Central Texas College (NCTC) Course Syllabus provides the following as required by the Texas Higher Education Coordinating Board (THECB): (1) a brief description of the course including each major course requirement, assignment and examination; (2) the learning objectives for the course; (3) a general description of the subject matter of each lecture or discussion; and (4) any required or recommended readings.  Contact information for the instructor is also provided. The Course Syllabus also provides institutional information to indicate how this course supports NCTC’s purpose and mission. Information specific to a particular section of the course will be included in the Class Syllabus and distributed to enrolled students.

 

 

 

Course Title: Incident Response & Handling

Course Prefix & Number:    ITSY2330

Section Number:  ALL

Term Code: 20/Spring II

Semester Credit Hours:       3

Lecture Hours:        32

Lab Hours:   32

Course Description (NCTC Catalog):

Computer information systems security monitoring, intrusion detection, and crisis management. Includes alarm management, signature configuration, sensor configuration, and troubleshooting components. Emphasizes identifying, resolving, and documenting network crises and activating the response team.
 

 

Course Prerequisite(s):

Course Type:

o - Academic General Education Course (from Academic Course Guide Manual but not in NCTC Core)

o- Academic NCTC Core Curriculum Course

n - WECM Course

 

Name of Instructor:

Ervin Frenzel

Campus/Office Location:

Online only

Telephone Number:

806-570-7658

E-mail Address:

efrenzel@nctc.edu

 

Name of Chair/Coordinator:

Susan Svane

Office Location:

IT Career Connection Center

Telephone Number:

940-498-6438

E-mail Address:

SSvane@nctc.edu

 

 

 

Instructors Statement

My contact information is available and if you are experiencing difficulty with any portion of this course, contact me immediately – I cannot help if I do not know there is a problem.  I am available through email but may take longer to respond, if the contact is critical call me (806)570-7658.  My phone is on from 0700 to 2000 daily, but I may not be available to answer a phone call immediately, but leave a message indicating which class you are in and when you will be available for calls. Please note: I do not take calls after 9 pm or before 8 am (unless it has been previously agreed to).  

 

Office Hours (online): Tuesday and Thursday, I teach starting at 0900 and finish late in the evening, I will return your call as soon as I can during this timeframe. 

 

This semester I will only be available for office hours on agreed upon Saturdays and evenings.  I will be available Monday, Wednesday and Friday nights from 6 to 9 pm and will have Saturday sessions every other Saturday.

 

The capstone for the ________ Basic Certificate and ________ Certificate is a comprehensive program exam with a score of 70% or higher.  Exam must be scheduled with the Department Chair upon completion of a certificate.

The capstone requirement for the ________ AAS Degree is _____ (list course). It should be taken the last semester before graduation. This course may not be substituted.

 

 

REQUIRED OR RECOMMENDED COURSE MATERIALS

 

To order textbooks use this link:  http://www.gilmore.ca/eccouncil/Login.aspx?

8 weeks

Cost:  $288

Product Code/ISBN: 9781635671421

Product Code :

CSA-E-LAB-ACAD-B

Product Name :

Certified SOC Analyst (CSA) eBook w/iLabs

Media Type :

eCourseware

Language :

  

Extended Description :

  

Price :

$288.00

Description :

Certified SOC Analyst (CSA) eBook w/iLabs

Date Available :

November 07, 2019 09:12:43 AM EST

Prices in USD

  

 

  • Exam Vouchers will be available for purchase through the same Gilmore site used to purchase the training material. Exam vouchers are not available in a package set as in other courses.

 

 

  • Please note that the student will need to register an account with Exam Specialist at least 72 hours before they want to take the exam, so the service can locate a proctor for the desired time slot, unless they are able to schedule it at NCTC.

 

Recommended: External Drive (2 TB or larger). You are required to keep all lab work until the

end of the semester.

 

COURSE REQUIREMENTS, EVALUATION METHODS, and GRADING CRITERIA

# of Graded Course Elements

Graded Course Elements

Weighted Percentage Values

6

Homework (Chapter homework due every week)

30% of grade

7

Labs (based upon each weeks chapter or supplemental material)

20% of grade

8

Discussion (weekly discussions and in class participation)

20% of grade

2

 

Exams

(Averaged – no grades dropped)

30% of grade

 

 

GRADING SCALE

 

 

A

>=89.5%

 

D    >=59.5%

 

B

>=79.5%

 

F    <=59.49%

 

 

C

>=69.5%

 

 

 

 

STUDENT LEARNING OUTCOMES

WECM End-of-Course Outcomes: Identify sources of attacks; restore the system to normal operation; identify and prevent security threats; perform a postmortem analysis; identify computer investigation issues; and identify the roles and responsibility of the incident response team.

 

At the successful completion of this course the student will be able to:

LO1

Build IDS sensors and attach them to the network (hardware and software)

LO2

Install and manage event database(s)

LO3

Analyze an event and trends

LO4

Install, manage, and interpret syslog servers and system logs

LO5

Identify legal and policy issues associated with system and network monitoring

LO6

Deploy, implement, and test IDS security plan

 

ATTENDANCE POLICY

Attendance is based on participation in the class, so you are expected to actively participate in the assignments and the graded discussion forums on a weekly basis. I also expect you to check your email daily M-F for any additional content. 

Labs will close the week that they are due, but they will be open up until the week they are due.  Exams are not allowed to be turned in late (exam integrity).  Discussion questions are only allowed opened during the week in which they are due. 

      Last Day to Withdraw: For the Spring 2020 (Spring II) (2nd 8 week semester) to withdraw from a course with a “W” is April 24, 2020. If a student decides to officially drop this course, then it is the student’s responsibility to submit the required forms to the registrar. Students who cease attending and who do not complete a drop slip prior April 24, 2020 will earn a grade of “F”.

 

LAB-WORK POLICY

Labs are available from the first day of the semester until the week they are due (they close the Saturday of the week that they are due), you can work ahead, but they will not be accepted after the due date.

 

CLASSROOM DISCUSSION POLICY

      Classroom discussions are available only during the week that they are intended to be available, submissions are only accepted based upon work turned in during that week.  A complete listing of all discussion questions is available in the classroom “Modules” area.  You are allowed to read ahead and prepare your initial responses.

      **Initial responses are expected to be approximately 250 words (may be more or less as long as they have what can be deemed to be substantive content and grounded in relevant concepts).

      **Peer responses for non-mini-mesters (normal semesters are not mini-mesters) are expected to be approximately 250 words (combined) these must have substantive content and grounded in relevant concepts.

      For the mini-mesters only – Initial responses only no peer responses – due to time constraints.

      **No personal attacks will be tolerated during the classroom discussions, first offense is a notice/warning, second offense depending upon the offense can involve departmental chair or office of student affairs depending upon severity.**

 

 

 

 

Begins

Assignments Due

Assignments Close

Chapter

Assignments

  

1

23-Mar

26-Mar

28-Mar

1

Read

CSA_CH1 Security Operations and Management

 

 

26-Mar

28-Mar

 

Lab

 

 

 

26-Mar

28-Mar

 

Discussion

 

 

 

26-Mar

28-Mar

 

Quiz

 

2

29-Mar

2-Apr

4-Apr

2

Read

CSA_CH2 - Understanding Cyber Threats, IoCs, and Attack Methodology

 

 

2-Apr

4-Apr

 

Lab

 

 

 

2-Apr

4-Apr

 

Discussion

 

 

 

2-Apr

4-Apr

 

Quiz

 

3

5-Apr

9-Apr

11-Apr

3

Read

CSA_CH3 Incidents, Events, and Logging

 

 

9-Apr

11-Apr

 

Lab

 

 

 

9-Apr

11-Apr

 

Discussion

 

 

 

9-Apr

11-Apr

 

Quiz

 

4

12-Apr

16-Apr

18-Apr

Supplemental

Read

CSA_Week 4 (supplemental ) - Logging

 

 

16-Apr

18-Apr

 

Lab

 

 

 

16-Apr

18-Apr

 

Discussion

 

 

 

16-Apr

18-Apr

 

Quiz

 

 

 

14-Apr

16-Apr

Mid-term Exam

5

19-Apr

23-Apr

25-Apr

Supplemental

Read

CSA_Week 5 (supplemental) - SIEM selection

 

 

23-Apr

25-Apr

 

Lab

 

 

 

23-Apr

25-Apr

 

Discussion

 

 

 

23-Apr

25-Apr

 

Quiz

 

6

26-Apr

30-Apr

2-May

5

Read

CSA_CH4 Incident Detection with Security Information and Event Management (SIEM)

 

 

30-Apr

2-May

 

Lab

 

 

 

30-Apr

2-May

 

Discussion

 

 

 

30-Apr

2-May

 

Quiz

 

7

3-May

7-May

9-May

6

Read

CSA_CH5 Enhanced Incident Detection with Threat Intelligence

 

 

7-May

9-May

 

Lab

 

 

 

7-May

9-May

 

Discussion

 

 

 

7-May

9-May

 

Quiz

 

8

10-May

12-May

14-May

 

Read

CSA_CH6 Incident Response (early due dates)

 

 

12-May

14-May

 

Lab

 

 

 

12-May

14-May

 

Discussion

 

 

 

12-May

14-May

 

Quiz

 

 

 

11-May

13-May

Final Exam (Cummulative)

 

Important Dates for the Spring 2020 Semester

Event

Spring 2020

Spring 2020

Spring 2020

May

1st 8-Week

2nd 8-Week

Mini-Mester

Last Day of 100% Refund for Courses Dropped

19-Jan

19-Jan

22-Mar

17-May

Martin Luther King Holiday Observed 

** College Closed **

20-Jan

20-Jan

    

Classes Begin

21-Jan

21-Jan

23-Mar

21-May

Official Date of Record

4-Feb

28-Jan

1-Apr

22-May

Spring Break 

** College Closed **

March 16-21

March 16-21

March 16-21

  

Memorial Day Observed 

** College Closed **

      

25-May

Last day to withdraw from a class with ‘W’

3-Apr

21-Feb

24-Apr

1-Jun

Final Exams (see final exam schedule)

May 11-16

March 9-13

May 11-16

5-Jun

Commencement Ceremonies

15-May

      

Term Ends

16-May

13-Mar

16-May

5-Jun

Final Grades, Attendance Rosters & Grade Rolls due at Noon

16-May

14-Mar

16-May

6-Jun

Important Dates for the Summer I, II, and III Semesters

Event

Summer I 2020

Summer II 2020

Summer III 2020

  

5½-Week Session

5½-Week Session

10-Week Session

  

Last Day of 100% Refund for Courses Dropped

7-Jun

14-Jul

7-Jun

  

Classes Begin

8-Jun

15-Jul

8-Jun

  

Official Date of Record

17-Jun

27-Jul

23-Jun

  

Last day to withdraw from a class with ‘W’

30-Jun

6-Aug

16-Jul

  

Fourth of July Holiday Observed 

** College Closed **

4-Jul

4-Jul

4-Jul

  

Final Exams (see final exam schedule)

14-Jul

20-Aug

13-Aug

  

Term Ends

14-Jul

20-Aug

13-Aug

  

Final Grades, Attendance Rosters & Grade Rolls due at Noon

15-Jul

21-Aug

14-Aug

  

 

STUDENT SUPPORT SERVICES

Disability Services (OSD)

The Office for Students with Disabilities (OSD) provides accommodations for students who have a documented disability.  A disability is anything that can interfere with learning, such as a learning disability, psychological challenge, physical illness or injury. Accommodations may include extra time on tests, tests in a distraction reduced environment, volunteer note taker in class, etc.

 

On the Corinth Campus, go to room 170 or call 940-498-6207. On the Gainesville Campus, go to room 110 in the Administration (100) Building or call 940-668-4209.  Students on the Bowie, Graham, Flower Mound, and online campuses should call 940-668-4209 to arrange for an intake appointment with OSD.

 

North Central Texas College is on record as being committed to both the spirit and letter of federal equal opportunity legislation, including the Americans with Disabilities Act (ADA) of 1990, ADA Amendments Act of 2009, and Section 504 of the Rehabilitation Act of 1973 (P.L. 93-112).

http://www.nctc.edu/StudentServices/SupportServices/Disabilityservices.aspx

 

Support Services

Counseling and Testing staff offer a variety of services to current and prospective students, such as College 101, placement testing, academic advising and course registration, transfer assistance, and College Success seminars (Time Management, Study Skills, Test Anxiety, Choosing a Major, Learning Style Strategies, Career Exploration), and much more.  http://www.nctc.edu/StudentServices/CounselingTesting.aspx

 

Student Success offers academic coaching, tutoring, including a Writing Center, a Math Lab, free 24/7 online tutoring through Grade Results and assist new students acclimate to college by providing computer lab services for prospective students.   First generation students can also participate in TRIO which offers specialized support services.

http://www.nctc.edu/StudentServices/SupportServices.aspx

 

Financial Aid offers financial resources for students that qualify, visit the financial aid offices for more information.  http://www.nctc.edu/FInancialAidHome.aspx

 

EEOC Statement
North Central Texas College does not discriminate on the basis of race, color, national origin, gender, religion, age, or disability in the employment or the provision of services.

Early Alert and NCTC Cares

The NCTC Early Alert program has been established to assist students who are at risk of failing or withdrawing from a course. Your instructor may refer you to this program if you are missing assignments, failing tests, excessively absent, or have personal circumstances impacting your academic performance. If submitted as an Early Alert you will be notified via your NCTC e-mail address and then contacted by a Counseling and Testing advisor or counselor to discuss possible strategies for completing your course successfully.

The NCTC CARES (Campus Assessment Response Evaluation Services) Team addresses behavior which may be disruptive, harmful or pose a threat to the health and safety of the NCTC community-such as stalking, harassment, physical or emotional abuse, violent or threatening behavior, or self-harm. As a student, you have the ability to report concerning behavior which could impact your own safety or the safety of another NCTC student. Just click the NCTC CARES Team logo posted on MyNCTC, or send an e-mail to CARESTeam@nctc.edu.  As always, if you feel there is an immediate threat to your own safety or welfare (or to another student), please call 911 immediately.

Student Success Center

The Student Success Center is designed to help all students at NCTC develop tools to achieve their academic goals. The center links students to FREE tutoring, including a Writing Center, a Math Lab, and free online tutoring in the evening.  The program helps students acclimate to college by providing students free interactive workshops. For more information, please visit your nearest Student Success Center.

 

Tobacco-Free Campus

NCTC restricts the use of all tobacco products including cigarettes, cigars, pipes and smokeless tobacco on campus property.

 

Unit Competencies

 

Students who successfully complete this class will be able to:

    1. Understand fundamental networking concepts, analyze networking protocols and implement established standards to design a robust networking infrastructure

Assessment:

      • Lab/Homework Project evaluations
      • Chapter Discussion Questions
      • Multiple Choice quiz for each Chapter/then Course Final/then Course Final
    2. Assess potential vulnerabilities and threats to network infrastructure, predict the implication of network security breaches and analyze the available countermeasures

Assessment:

      • Lab/Homework Project evaluations
      • Chapter Discussion Questions
      • Multiple Choice quiz for each Chapter/then Course Final
    2. Examine different network security mechanisms, analyze available security controls and develop strategies to implement and configure these controls

Assessment:

      • Lab/Homework Project evaluations
      • Chapter Discussion Questions
      • Multiple Choice quiz for each Chapter/then Course Final
    2. Understand the role of network security policies, and develop comprehensive policies that help in protecting network infrastructure

Assessment:

      • Lab/Homework Project evaluations
      • Chapter Discussion Questions
      • Multiple Choice quiz for each Chapter/then Course Final
    2. Understand the working of various networking devices, and develop strategies for secure configuration of these devices

Assessment:

      • Lab/Homework Project evaluations
      • Chapter Discussion Questions
      • Multiple Choice quiz for each Chapter/then Course Final
    2. Identify security issues with operating systems and network-based applications, analyze the common vulnerabilities and implement best practices to harden networks

Assessment:

      • Lab/Homework Project evaluations
      • Chapter Discussion Questions
      • Multiple Choice quiz for each Chapter/then Course Final
    2. Analyze    cryptography     algorithms     and encryption techniques,        and                design implementation strategies for privacy and security of information

Assessment:

      • Lab/Homework Project evaluations
      • Chapter Discussion Questions
      • Multiple Choice quiz for each Chapter/then Course Final
    2. Compare and contrast various network security tools, and make decisions to deploy proper security tools based on evidence, information, and research

Assessment:

      • Lab/Homework Project evaluations
      • Chapter Discussion Questions
      • Multiple Choice quiz for each Chapter/then Course Final
    2. Evaluate physical security mechanisms, examine the issues and recommend the countermeasures to safeguard the network infrastructure

Assessment:

      • Lab/Homework Project evaluations
      • Chapter Discussion Questions
      • Multiple Choice quiz for each Chapter/then Course Final
    2. Examine the impact of an incident in the network and develop policies, processes and guidelines for incident handling and disaster recovery

Assessment:

      • Lab/Homework Project evaluations
      • Chapter Discussion Questions
      • Multiple Choice quiz for each Chapter/then Course Final

 

 

Workforce Education Program Elements (SCANS Skills)

 

The Secretary’s Commission on Achieving Necessary Skills (SCANS) conducted extensive research and interviews and determined that “workplace know-how” consists of two elements:  foundations skills and workplace competencies.  Upon successful completion of the courses in this program, students will have demonstrated the following competencies: 

 

  1. Foundation Skills

 

  1. Basic Skills:  A worker must (i) read, (ii) write, (iii) perform arithmetic and mathematical operations, (iv) listen, and (v) speak effectively.

 

  1. Thinking Skills: A worker must (i) think creatively, (ii) make decisions, (iii) solve problems, (iv) visualize, (v) know how to learn, and (vi) reason effectively.

 

  1. Personal Qualities:  A worker must display (i) responsibility, (ii) self-esteem, (iii) sociability, (iv) self-management, (v) integrity, and (vi) honesty.

 

  1. Workplace Competencies

 

  1. Resources:  A worker must identify, organize, plan, and allocate resources effectively.  This includes (i) time, (ii) money, (iii) material and facilities, and (iv) human resources.

 

  1. Interpersonal Skills:  A worker must work with others effectively to (i) participate as a member of a team, (ii) teach others new skills, (iii) serve clients/customers, (iv) exercise leadership, (v) negotiate, and (vi) work with diversity.

 

  1. Information:  A worker must be able to (i) acquire and use information, (ii) organize and maintain information, (iii) interpret and communicate information and (iv) use computers to process information.

 

  1. Systems:  A worker must understand complex interrelationships as in (i) understanding systems, (ii) monitor and correct performance, and (iii) improve and design systems.

 

  1. Technology:  A worker must be able to work with a variety of technologies, e.g. (i) select technology, (ii) apply technology, and (iii) maintain and troubleshoot equipment.

 

 

 

 

Syllabus File(s)

Get help using 'Syllabus File(s)'
While focused on a reorder icon, press the Enter key or spacebar to "select" the icon. While a reorder icon is selected, pressing the up and down arrows will change the order of the selected item within the list. Pressing Enter key or spacebar again will drop the selected item at that location in the list.
Edit the following settings for all selected Resources.
Select a start and end date and time
Start: Start:
End: End: