MSCS: CYB 505 – Incident Response and Recovery
Categories: MS in Computer Science
About Course
- This course explores the essential strategies and best practices for responding to and recovering from cybersecurity incidents.
- Students will learn how to develop and implement incident response plans, manage breaches effectively, and ensure rapid recovery to minimize damage.
- The course emphasizes the importance of preparation, quick response, and systematic recovery to protect organizational assets and maintain business continuity in the face of cybersecurity threats.
What Will You Learn?
- Understand the key concepts and components of an effective incident response plan.
- Learn to manage and coordinate a cybersecurity incident response team.
- Develop skills to conduct post-incident analysis and reporting.
- Explore strategies for ensuring swift recovery and maintaining business continuity after a cybersecurity incident.
Course Content
Week 1: Introduction to Incident Response
- Introduction to Incident Response (00:00)
- LO1: Explain Concept of Incident Response and Role in Cybersecurity Preparedness (13:58)
- LO2: Describe Types of Cybersecurity Incidents and Potential Impact on Organizations (15:28)
- LO3: Summarize Importance of Proactive Preparation based on Incident Response Best Practices from Core Textbook (10:04)
- Multiple Choice Questions
- True/False Questions
- Scenario-Based Multiple Choice Questions
- Key Terms and Concepts Questions
- Short Answer Questions
- Written Assignment
- Presentation Task
- Role-Playing Activity
- Peer Review Task
- Exercises and Activities Adaptation
Week 2: Incident Response Planning
- Incident Response Planning (00:00)
- LO1: Define Key Components of Comprehensive Incident Response Plan (12:53)
- LO2: Explain Roles and Responsibilities within Incident Response Team (17:49)
- LO3: Analyze how Structured Planning Enhances Organizational Readiness for Cyber Incidents (14:55)
- Multiple Choice Questions
- True/False Questions
- Scenario-Based Multiple Choice Questions
- Key Terms and Concepts Questions
- Short Answer Questions
- Written Assignment
- Presentation Task
- Role-Playing Activity
- Peer Review Task
- Exercises and Activities Adaptation
Week 3: Identification and Containment
- Identification and Containment (00:00)
- LO1: Explain Techniques used to Identify and Classify Cybersecurity Incidents (13:22)
- LO2: Describe Containment Strategies used to Limit Scope and Impact of Security Breaches (11:06)
- LO3: Analyze Real-World Cases to Evaluate Effectiveness of Incident Containment Approaches (10:18)
- Multiple Choice Questions
- True/False Questions
- Scenario-Based Multiple Choice Questions
- Key Terms and Concepts Questions
- Short Answer Questions
- Written Assignment
- Presentation Task
- Role-Playing Activity
- Peer Review Task
- Exercises and Activities Adaptation
Week 4: Eradication and Recovery
- Eradication and Recovery (00:00)
- LO1: Explain Methods for Eradicating Malware and Other Threats from Compromised Systems (00:00)
- LO2: Describe Recovery Processes for Restoring Systems and Services to Normal Operations (00:00)
- LO3: Evaluate Recovery Strategies using Industry Practices presented in Recommended Textbook (00:00)
- Multiple Choice Questions
- True/False Questions
- Scenario-Based Multiple Choice Questions
- Key Terms and Concepts Questions
- Short Answer Questions
- Written Assignment
- Presentation Task
- Role-Playing Activity
- Peer Review Task
- Exercises and Activities Adaptation
Week 5: Post-Incident Activities
- Post-Incident Activities (00:00)
- LO1: Explain Purpose and Process of Post-Incident Analysis (00:00)
- LO2: Describe how Lessons Learned Contribute to Continuous Improvement of Incident Response Capabilities (00:00)
- LO3: Summarize Reporting Requirements and Documentation Practices following Cyber Incidents (00:00)
- Multiple Choice Questions
- True/False Questions
- Scenario-Based Multiple Choice Questions
- Key Terms and Concepts Questions
- Short Answer Questions
- Written Assignment
- Presentation Task
- Role-Playing Activity
- Peer Review Task
- Exercises and Activities Adaptation
Week 6: Incident Response in Cloud Environments
- Incident Response in Cloud Environments (00:00)
- LO1: Explain Unique Challenges associated with Incident Response in Cloud-Based Systems (13:08)
- LO2: Describe Cloud-Specific Tools and Techniques for Incident Detection and Response (13:28)
- LO3: Analyze Cloud Incident Scenarios to Evaluate Response Effectiveness and Risk Mitigation (10:07)
- Multiple Choice Questions
- True/False Questions
- Scenario-Based Multiple Choice Questions
- Key Terms and Concepts Questions
- Short Answer Questions
- Written Assignment
- Presentation Task
- Role-Playing Activity
- Peer Review Task
- Exercises and Activities Adaptation
Week 7: Cybersecurity Threat Intelligence
- Cybersecurity Threat Intelligence (00:00)
- LO1: Define Cyber Threat Intelligence and Role in Incident Response (13:07)
- LO2: Explain how Threat Intelligence Supports Proactive and Reactive Defense Strategies (14:00)
- LO3: Evaluate Integration of Threat Intelligence into Incident Response Frameworks (12:27)
- Multiple Choice Questions
- True/False Questions
- Scenario-Based Multiple Choice Questions
- Key Terms and Concepts Questions
- Short Answer Questions
- Written Assignment
- Presentation Task
- Role-Playing Activity
- Peer Review Task
- Exercises and Activities Adaptation
Week 8: Midterm Test or Assignment
- Mid Term (11:22)
- Multiple Choice Questions
- True/False Questions
- Short Answer Questions
- Scenario-Based Multiple Choice Questions
Week 9: Legal and Regulatory Considerations
- Legal and Regulatory Considerations (00:00)
- LO1: Explain Legal and Regulatory Requirements related to Cyber Incident Response (00:00)
- LO2: Describe Ethical Issues and Compliance Obligations during Incident Handling (00:00)
- LO3: Analyze Legal Scenarios to Evaluate Organizational Responsibilities and Risks (00:00)
- Multiple Choice Questions
- True/False Questions
- Scenario-Based Multiple Choice Questions
- Key Terms and Concepts Questions
- Short Answer Questions
- Written Assignment
- Presentation Task
- Role-Playing Activity
- Peer Review Task
- Exercises and Activities Adaptation
Week 10: Communication during Incidents
- Communication during Incidents (00:00)
- LO1: Explain Importance of Effective Communication during Cybersecurity Incidents (00:00)
- LO2: Describe Communication Strategies for Internal and External Stakeholders (00:00)
- LO3: Evaluate Incident Communication Plans using Industry Best Practices (00:00)
- Multiple Choice Questions
- True/False Questions
- Scenario-Based Multiple Choice Questions
- Key Terms and Concepts Questions
- Short Answer Questions
- Written Assignment
- Presentation Task
- Role-Playing Activity
- Peer Review Task
- Exercises and Activities Adaptation
Week 11: Incident Response Tools and Technologies
- Incident Response Tools and Technologies (00:00)
- LO1: Describe Common Tools and Technologies used in Incident Detection and Response (00:00)
- LO2: Explain how Automation and Forensic Tools Support Incident Response Activities (00:00)
- LO3: Analyze Tool Effectiveness through Hands-On Incident Response Exercises (00:00)
- Multiple Choice Questions
- True/False Questions
- Scenario-Based Multiple Choice Questions
- Key Terms and Concepts Questions
- Short Answer Questions
- Written Assignment
- Presentation Task
- Role-Playing Activity
- Peer Review Task
- Exercises and Activities Adaptation
Week 12: Managing Insider Threats
- Managing Insider Threats (00:00)
- LO1: Define Insider Threats and Characteristics within Organizations (11:46)
- LO2: Explain Detection and Response Strategies for Insider-Related Incidents (00:00)
- LO3: Evaluate Case Studies to Assess Impact of Insider Threat Management Approaches (00:00)
- Multiple Choice Questions
- True/False Questions
- Scenario-Based Multiple Choice Questions
- Key Terms and Concepts Questions
- Short Answer Questions
- Written Assignment
- Presentation Task
- Role-Playing Activity
- Peer Review Task
- Exercises and Activities Adaptation
Week 13: Business Continuity and Disaster Recovery Planning
- Business Continuity and Disaster Recovery Planning (00:00)
- LO1: Explain Relationship between Incident Response, Business Continuity, and Disaster Recovery (00:00)
- LO2: Describe Key Components of Business Continuity and Disaster Recovery Plans (00:00)
- LO3: Analyze how Integrated Planning Enhances Organizational Resilience (00:00)
- Multiple Choice Questions
- True/False Questions
- Scenario-Based Multiple Choice Questions
- Key Terms and Concepts Questions
- Short Answer Questions
- Written Assignment
- Presentation Task
- Role-Playing Activity
- Peer Review Task
- Exercises and Activities Adaptation
Week 14: Recent Trends in Incident Response
- Recent Trends in Incident Response (00:00)
- LO1: Describe Emerging Cyber Threats and Advanced Persistent Threats (00:00)
- LO2: Explain Evolving Incident Response Strategies in Response to Modern Threats (00:00)
- LO3: Evaluate Recent Research and Industry Trends to Assess Future Directions in Incident Response (00:00)
- Multiple Choice Questions
- True/False Questions
- Scenario-Based Multiple Choice Questions
- Key Terms and Concepts Questions
- Short Answer Questions
- Written Assignment
- Presentation Task
- Role-Playing Activity
- Peer Review Task
- Exercises and Activities Adaptation
Week 15: Review and Final Preparation
- Review and Final Preparation (00:00)
- LO1: Summarize Core Concepts and Practices covered throughout Course (00:00)
- LO2: Analyze Integrated Incident Response Scenarios using Comprehensive Knowledge (00:00)
- LO3: Prepare Strategically for Final Assessments through Structured Review Activities (00:00)
- Multiple Choice Questions
- True/False Questions
- Key Terms and Concepts Questions
- Short Answer Questions
- Written Assignment
- Presentation Task
- Role-Playing Activity
- Peer Review Task
- Exercises and Activities Adaptation
Week 16: Final Test or Project
- Final Test (00:00)
- Multiple Choice Questions
- True/False Questions
- Scenario-Based Multiple Choice Questions
- Short Answer Questions
- Written Assignment
- Presentation Task
- Role-Playing Activity
- Peer Review Task
- Exercises and Activities Adaptation