Course Summary
Credit Type:
Course
ACE Course Number:
TEEX-0252
Organization Course Number:
CYB 301
Location:
Classroom-based
Length:
1 week (33 hours)
Dates Offered:
Credit Recommendation & Competencies
Level:
Lower-Division Baccalaureate
Credits (SH):
3
Subject:
Introduction to Computer Security, Business, or Public Management
Students must complete TEEX-0284, TEEX-0285, and TEEX-0286 to receive credit for this course.
Description

Objective:

The course objective is to provide requisite background theory and recommended best practices needed by business managers to keep their offices running during cyber incidents of different types.

Learning Outcomes:

  • Know reactive cyber incident management activities
  • Identify how to protect and restore systems that have been compromised by cyber security incidents, including incident containment, identification, eradication, and recovery
  • Summarize the practice of business information continuity
  • Summarize risk management, the application of risk management practices to information systems, and how information systems risk management relates to business information continuity
  • Explain the information technology components found in most organizations and the evaluation of their relative importance
  • Summarize risk identification and common hazards
  • Discuss risk control, which involves risk detection, risk limitation, risk recovery, and risk plan monitoring
  • Discuss organizational security policies, how to apply them to an organization's practices, and how to successfully comply with industry standards such as COBIT, FISMA, PCI, and others
  • Summarize concepts for cyber incident management, as well as an overview of the cyber incident management process
  • Describe the preparation phase of cyber security incident management
  • Specify cyber incident proactive and post services, legal issues, and human resource issues
  • Describe continuity plans
  • Review training that should be given to employees and how to derive maximum productivity from current and new staff
  • Describe the technical side of business information continuity
  • Recognize threats to business information continuity
  • Review inventory, personnel, and the previous continuity plan
  • Apply risk and hazard frameworks to common cyber threats
  • Define risk quantification, including quantitative and qualitative methods

General Course Topics:

  • Types of cyber incidents, common forms of malware and attacks, an outline of the cyber incident management process, and common standards for cyber incident management
  • Cyber incident management policies, services and procedures
  • Incident monitoring, log management, detection, cyber incident triage, event scope and characteristics, incident investigation, impact and escalation, and cyber incident management software and services
  • Mitigation of specific common types of cyber incidents
  • Cyber attack categories, outcome discussions, vulnerability analysis, evidence and digital forensics, and chain of custody
  • Impact analysis
  • Incident response teams, recovery plans, and the procedures to use when changing and updating the business information continuity plan
  • Outsourcing
  • Software patching, methods to minimize human error, and hardware failures
  • Access control and verification and validation procedures
  • Federal information security laws and repercussions from noncompliance
  • HIPAA, Sarbanes-Oxley, and other notable federal laws
  • Procedures for enumerating threats and testing plans
  • Information systems risk management programs
  • Valuation of critical assets
  • Risk and hazard frameworks applied to common cyber threats
  • Risk prioritization, tolerance, and response
  • Cyber security control practices
  • Basic concepts of business continuity planning
Instruction & Assessment

Instructional Strategies:

  • Audio Visual Materials
  • Computer Based Training
  • Practical Exercises

Methods of Assessment:

  • Examinations
  • Quizzes

Minimum Passing Score:

70%
Supplemental Materials