PROGRAMME: BCA (Bachelor of Computer

Applications) SEMESTER – III

Teaching-Learning & Evaluation Plan (TLEP)

Course Information:

Course Code: 22BCACS602 Course Title: Cyber Security Incident

Handling
Credits Units: 03 Contact Hours+ Experiential Hours : 45+45
L-T-P-E : 3-0-0-3

IA: UE Weightage – 50 : 50 Pass Marks (IA & ESE)– 40 (ESE – Min.18) Aggregate Pass Marks: 40%
UE Question Paper Marks: 50 Special Examination Fees: NA

Pre-requisite (if any):

Students should know the Cyber Security Incident Handling
Course Facilitator (s):
Dr. Ashvini Alashetty

Outcomes (POs) and Programme Specific Outcomes (PSOs)

Programme Outcomes (POs)

At the end of the programme, students will be able to

PO 1 Computational Knowledge: Understand and apply mathematical foundation, computing and domain
knowledge for the conceptualization of computing models from defined problems.
PO 2 Problem Analysis: Ability to identify, critically analyze and formulate complex computing problems
using fundamentals of computer science and application domains.

PO 3 Design / Development of Solutions: Ability to transform complex business scenarios and contemporary
issues into problems, investigate, understand, and propose integrated solutions using emerging
technologies.

PO 4 Conduct Investigations of Complex Computing Problems: Ability to devise and conduct experiments,
interpret data and provide well-informed conclusions.

PO 5 Modern Tool Usage: Ability to select modern computing tools, skills and techniques necessary for
innovative software solutions.

PO 6 Professional Ethics: Ability to apply and commit professional ethics and cyber regulations in a global
economic environment.

PO 7 Life-long Learning: Recognize the need for and develop the ability to engage in continuous learning as a
Computing professional.

PO 8 Project Management: Ability to understand management and computing principles with computing
knowledge to manage projects in multidisciplinary environments.
 PO 9 Communication Efficacy: Communicate effectively with the computing community as well as society
by being able to comprehend effective documentations and presentations.

PO 10 Societal & Environmental Concern: Ability to recognize economic, environmental, social, health,
legal, ethical issues involved in the use of computer technology and other consequential responsibilities
relevant to professional practice.

PO11 Individual & Team Work: Ability to work as a member or leader in diverse teams in multidisciplinary
environment.

PO12 Innovation and Entrepreneurship: Identify opportunities, entrepreneurship vision and use of
innovative ideas to create value and wealth for the betterment of the individual and society.

Program Specific Outcomes (PSO’s)

Understand, analyze and develop computer programs and algorithms, develop solutions for specific
PSO applications using appropriate data modeling concepts.
01
Apply standard software engineering practices and strategies in software project development using open-
PSO source programming environment to deliver a quality product for business success.
02
Be acquainted with the contemporary issues, latest trends in technological development and thereby
PSO generate new ideas and solutions to existing problems.
03

Course Objectives:
To Study the basic taxonomy and terminology of the computer networking and enumerate the layers
COB1
of OSI model and TCP/IP model.
To Gain the knowledge of basic network devices, Wireless Technology and wireless
COB2
networking components
COB3 To Acquire the knowledge of Network Layer routing protocols and Application Layer
To Learn the WAN Technology and Network Operating Systems as well as basic trouble
COB4 shooting network

Course Outcomes:
At the end of the course, students will be able to
S Cours Bloom’s
l e Descripti Taxono
N Outco on my
o me Level
1 C Describe the basics of data communication, networking, internet and their L
O importance 2
1
2 C Explain the concepts of layered architecture, protocols and interworking in L
O computer networks 2
2
3 C Examine the various networks using the logical addressing by applying
O subnetting and routing concepts L
3 4
4 C Demonstrate the working of transport and application layer protocols in an IP L
O based networking infrastructure. 3
4
 5 C Assess application layer services, client-server model, HTTP, email, WWW,
O TELNET. L
5 5

CO-PO/PSO Mapping: (3-Strong Correlation 2- Medium Correlation 1- Low Correlation)

Cours Bloom’ Program Specific

e s Outcomes(PSO)
Outco Taxono
me my Program
Level Outcomes(PO)

PO PO PO PO PO PO PO PO PO P P P PS PS PS
1 2 3 4 5 6 7 8 9 O O O O1 O2 O3
10 11 12
CO1 L2 2 3 1 1 2 1 1 1 2 1 1 1 2 1 1
CO2 L3 3 3 2 2 2 1 2 1 2 1 2 1 3 2 2
CO3 L4 3 3 3 3 3 2 3 2 2 3 2 3 3 3
3
CO4 L5 3 3 3 3 3 3 3 3 3 3 3 3 3 3
3
CO5 L5 3 3 3 3 3 3 3 3 3 3 3 3 3 3
3
CO 2.8 3 2.4 2.4 2.6 2.0 2.4 2.0 2.0 2.4 2.0 2.8 2.4 2.4
Avg. 2.6
 Course Contents:

SYLLABUS

Module Contents Tools Used / CO PO Mapping

(Hours) Assessment and Mapping
Activity
Module 1 Introduction to Incident Handling Analysis of CO1 PO1,
(9Hrs) Incident Handling Definition & Scope- Need for various cyber PO2,
Incident Response-Types of Computer Security incident statics PO3
Incidents, Examples of Incidents- Incidents and coming up PO5, PO6,
Categorization, Low Level Incident, Mid-Level with PO7,
Incident, High Level Incident- Cyber Incident analysis report PO8,
Statistics PO10,
PO11
Module 2 Organizing a Computer Security Incident Coming up CO1, PO3,
(9Hrs) Response Capability with CO2 PO6, PO7,
infographic PO9,
Incident Response Policy, Plan, and Procedure designs to PO10,
Creation, -Policy Elements-Plan Elements- implement PO11
Procedure Elements Sharing Information with Incident
Outside Parties- Incident Response Team response
Structure-Team Models, Team Model Selection, Policy, Plan,
Incident Response Personnel and Procedure
-Dependencies within Organizations, Incident Creation
Response Team Services

Module 3 Handling an Incident Collecting, CO1, PO3, PO6,

(9Hrs) Incident handling Preparation-Preparing to reading and CO2, PO8, PO9,
Handle Incidents-Preventing Incidents- compilation of CO3 PO10
Detection and Analysis- Attack various
Vectors, Signs of an Incident, Sources of researched
Precursors and Indicators-Incident Analysis- paper on
Incident Documentation Incident incident
Prioritization-Incident Notification handling
assignment

Module 4 Incident Containment, Eradication and CO3, PO1, PO2,

(9Hrs) Recovery Containment, Eradication, and Certification CO4 PO3
Recovery -Choosing a Containment Strategy- courses on PO5, PO6,
Evidence Gathering and Handling -Identifying containment, PO7,
the Attacking Hosts-Eradication and Recovery - PO8,
Post-Incident Activity-Lessons Learned Using Eradication and
Collected Incident Data- Evidence Retention recovery
Incident Handling Checklist
Module 5 Incident Prioritization, Response and Presentations on CO3, PO1,
(9Hrs) Reporting Incident Prioritization-Incident CO4, PO2,
Response-Incident Handling, Disaster Recovery- virtualization CO5 PO3,PO4,
Technologies and Impacts-Virtualization and and impacts of PO5,PO6,
Impacts incident PO7,PO8,
Estimated Cost of an Incident-Incident handling PO9,PO1
Reporting Organizations 0
 Vulnerability Reports, Incident Identification

Textbook

1. Paul Cichonski Tom Millar TimGrance Karen Scarfone,”Computer Security Incident Handling
Guide”, 3rd Edition, 2018 (Chapter: 1-3)
2. Keith J. Jones, Richard Bejtlich, Curtis W. Rose, “Real Digital Forensics: Computer Security and
Incident Response”, Paperback – Import, 2005.(Chapter:4-7)

References

1 John Sammons, “The Basics of Digital Forensics: The Primer for Getting Started in Digital
Forensics” Paperback, February 24, 2012.
2 Stuart McClure, Joel Scambray and George Kurtz, “Hacking Exposed: Network Security
Secrets & Solutions”, 3rd Edition, McGraw-Hill, 2005.
Session-Wise Plan:

Abbreviations &
Expansions
Pedagogy/Activity Mode of
Planned Delivery
P Synchronous-PPT M1 Synchronous - PPT
1
P Blended Learning M2 Asynchronous/Synchronous
2
P Flip Class/Quiz M3 Synchronous-Hands On
3
A Activity-1 M4 Synchronous-Discussion
1
A Activity-2
2

Web Video Links: WVL

https://youtu.be/aZRhzea_nas?si=8UXzyC2_yizfTa6x
WVL-1 Module
-1
WVL-2 Module https://youtu.be/IRSQEO0koYY?si=nnlz7b7gceEk7lFm
-2
https://youtu.be/dagb12kvr8M?si=tTaZC5Ig6DmTvmcS
WVL-3 Module
-3
WVL-4 Module https://www.youtube.com/watch?v=PCbtJ-
-4 GudLk&list=PLi04cDmxUX2tyKB87n1wsBtYEGgmmrTrg
WVL-5 Module https://youtu.be/xhNFH5FBbC0?si=wea9S6ozBVE6EDQb
-5

Web Text Links: WTL

WTL-1 Module https://www.techtarget.com/searchsecurity/definition/incident-response

-1
WTL-2 Module https://www.sentinelone.com/cybersecurity-101/services/incident-response-team/
-2 #:~:text=Structure%20of%20an%20Incident%20Response%20Team%20and%20Roles,-As
%20Zenduty%20puts&text=The%20incident%20manager%20is%20essentially,allocating
%20resources%20within%20the%20team.
WTL-3 Module https://www.titanfile.com/blog/phases-of-incident-response/
-3
https://www.scworld.com/native/6-steps-to-
WTL-4 Module accelerate-cybersecurity-incident-response
-4
WTL-5 Module https://www.manageengine.com/products/service-desk/it-incident-management/what-is-it-
-5 incident-management.html
 Blended Learning [P2-Blended Learning with Hands on] :
Interaction - (30 minutes) Teacher Input 20 minutes) Wrap Up (10 minutes)

MOOC Courses (MC):

Sr.N Platfor Topic CO Link Duration

o. m
MC-1 Coursera Cyber C01 https://www.coursera.org/specializations/cyber- 10hrs
Incident incident-response
Response
Specializati
on

MC-2 LinkedIn Incident CO1 https://www.linkedin.com/learning/incident-response- 5 hr

Learning Response CO2 planning-19403319 37min
Planning
MC-3 LinkedIn Learning Co1, https://www.linkedin.com/learning/learning-cyber- 4hr
Learning Cyber CO2,CO3 incident-response-and-digital-forensics-21598044 58min
Incident CO4
Response
and Digital
Forensics
MC-4 LinkedIn Cert Prep: CO1, https://www.linkedin.com/learning/cert-prep-ec- 19hr
Learning EC-Council CO2,CO3 council-certified-incident-handler-ecih-v2-212-89
Certified CO4,CO5
Incident
Handler
(ECIH) v2
(212-89)
MC-5 LinkedIn SSCP Cert CO1 CO3 https://www.linkedin.com/learning/sscp-cert-prep-4- 1hr
Learning Prep: 4 CO4 CO5 incident-response-and-recovery-14391105 49min
Incident
Response
and
Recovery
MC-6 LinkedIn Managed CO3 https://www.linkedin.com/learning/managed-detection-and- 4hr 7min
Learning Detection CO4,CO5 response-mdr-advanced-strategies
and
Response
(MDR)
Advanced
Strategies
Total MOOC Course integration with Certification 48
hours
 A1 - Activity-1: LinkedIn Learning
Students need to complete minimum 15 hours LinkedIn Certification Course(s) on Computer
Networks and prepare a handwritten report to upload along with the certificates.
Rubric for Activity-1 [MOOC Learning]

Fair Good
Poor Excellent Weighta
Criteria Below Needs Meets Exceeds ge
Expectation Expectation
Improvement Expectation

Certificate (5-6 marks) (7-8 marks) (9 marks)

Completio (10 marks)
n Completed less Completed 15 Completed
than 15 hrs in 1- hrs or less in required 15 Completed required 15
2 2-3 hrs
in less 5-6 15 hrs in 7-8 days
days days days

Report
(2 marks) (4 marks)
Submissio (3 marks) (5 marks)
n Good Clarity
Poor Clarity in Moderate in Very Good Clarity
clarity lessons in
lessons learned; learned 15
in lessons lessons learned &
poorly organised learned & & organised well organised
report report
report report

Oral
Presentati (3 marks)
on
(2 marks) (4 marks) (5 marks)
Moderate Good Very Good
Poor language, language, language, language, 10
voice, voice, &
voice, & Content Content voice, & Content
& Content

Question- (2 marks) (3 marks) (4 marks)

Answers less (5 marks)
Answer than Answers 3 Answers 4
Answers all 5 10
3 questions questions questions
questions correctly
correctly correctly correctly
A2 - Activity-2: MiniProject
.

Rubric for Activity-2 [Mini

Project]

Poor Fair Good Excellent

Weighta
Criteria Below Needs Meets Exceeds ge
Expectatio Improveme
n nt Expectation Expectation

Coding/
Implementatio (8 (10-11 (12-13 (14-15
n/Simulation marks) marks) marks) marks) (15 marks)

(8 marks) (10-11 (14-15

Report Poor: marks) (12-13 marks)
Submission Trivial Moderate: marks) Very Good
Idea, No Good Report:
Trivial Idea, Report:
Clarity in Trivial Idea,
No much Innovative
Items Clarity in 15
Clarity in Clear Idea,
presented
& Items Clarity in
Items Items
plagiarism presented & presented &
presented & No No
No plagiarism
plagiarism plagiarism

(2
Oral marks) (3 marks) (4 marks) (5 marks)
Presentation Poor Moderate Good Very Good
language, language, language, language, 15
 voice, & voice, & voice, & voice, &
Content Content Content Content

(2
Question- marks)
(3 marks) (4 marks) (5 marks)
Answer Answers
Answers 3 Answers 4 Answers all 5
less than 3 5
questions questions questions
questions
correctly correctly correctly
correctly
 Assessment Scheme: IA: UE - 30:70
Sl. Assessment Formative/ Frequency Weight CO
No. Instrument Summative age
(%)
1 Class Participation Formative Continuous 5 CO1, CO2, CO3, CO4, CO5

2 Activity-1 1 15 CO1, CO2, CO3, CO4, CO5

3 Activity-2 1 15 CO3
4. Internal Test - 1 Formative 1 7.5 CO1, CO2,CO3
5 Internal Test - 2 1 7.5 CO3, CO4, CO5
6. End Semester Exam Summative 1 50 CO1, CO2, CO3, CO4, CO5
Total 100

Session-wise Planning:

Module Session Topic PPT Readings Pedagogy/ CO Mode

and Activity Planned of
References Deliver
y
Session 1 Incident https:// "Computer Overview CO1 Synchr
Handling docs.google Security discussion and onous
Definition & .com/ Incident Q&A on the
Scope presentation Handling importance and
/d/1t- Guide", 3rd definitions of
PKlqhCcsh Edition, incident
H5cZRFprq 2018. handling.
ymwff589i
O2v/ CO1
Module 1 edit#slide=i
d.p1
Session Types of https:// Computer Quiz on types of Synchr
2 Computer docs.google Security computer security onous
Security .com/ Incident incidents and
Incidents presentation Handling examples
/d/1t- Guide", 3rd
PKlqhCcsh Edition, CO1
H5cZRFprq 2018.
ymwff589i
O2v/
edit#slide=i
d.p1
Session Cyber Incident https:// Real Digital Analysis of Synchr
3 Statistics docs.google Forensics: various cyber onous
.com/ Computer incident
presentation Security and statistics and
/d/1t- Incident formulation of
PKlqhCcsh Response" an analysis
H5cZRFprq by Keith J. report. CO1
ymwff589i Jones et al.
O2v/
edit#slide=i
d.p1
Session Incident https:// Computer infographic Synchr
4 Categorization docs.google Security design to CO1 onous
.com/ Incident implement
presentation Handling incident
/d/1t- Guide", 3rd response policy,
PKlqhCcsh Edition, plan, and
H5cZRFprq 2018 procedure.
ymwff589i
O2v/ CO1
edit#slide=i
d.p1
Session Need for Incident https:// Computer Case study Synchr
5 Response docs.goo Security discussion on CO1 onous
gle.com/ Incident policy elements,
presentat Handling plan elements,
ion/d/1t- Guide", 3rd and procedure
PKlqhCc Edition, elements.
shH5cZ 2018.
RFprqy
mwff589 CO1
iO2v/
edit#slid
e=id.p1
Session Low Level https:// Computer Discussion on Synchr
6 Incident Analysis docs.goo Security and team model onous
gle.com/ Incident selection and
presentat Response" dependencies. CO1
ion/d/1t- by Keith J.
PKlqhCc Jones et al.
shH5cZ
RFprqy
mwff589
iO2v/
edit#slid
e=id.p1
Session Mid-Level https:// Real Digital Interactive Synchr
7 Incident Analysis docs.goo Forensics: session with onous
gle.com/ Computer incident reports
presentat Security and and
ion/d/1t- Incident prioritization
PKlqhCc Response" techniques.
shH5cZ by Keith J.
RFprqy Jones et al.
mwff589
iO2v/
edit#slid
e=id.p1
Session High-Level https:// Computer Case study Synchr
8 Incident Analysis docs.goo Security discussion on onous
gle.com/ Incident response
presentat Handling strategies for
ion/d/1t- Guide", 3rd high-level
PKlqhCc Edition, incidents.
shH5cZ 2018.
RFprqy
mwff589
iO2v/
edit#slid
e=id.p1
 Session Recap of the https:// Real Digital Q&A session, Synchr
9 module. docs.goo Forensics: review of key onous
gle.com/ Computer concepts, and
presentat Security and summary of
ion/d/1t- Incident module.
PKlqhCc Response"
shH5cZ by Keith J.
RFprqy Jones et al.
mwff589
iO2v/
edit#slid
e=id.p1
Session Incident Response https:// Computer Overview CO1, Synchr
1 Policy, Plan, and docs.goo Security and discussion and CO2 onous
Procedure gle.com/ Incident Q&A on the
Creation. presentat Response" importance and
ion/d/ by Keith J. definitions of
1lwO_3c Jones et al. incident
EBwxZ handling.
ZdJHsJk
2ejmmV CO1,
MDRKJ CO2
KG4/
Module 2 edit#slid
e=id.p1
Session Policy Elements https:// Real Digital Quiz on types of
2 and Plan docs.goo Forensics: computer Synch
Elements. gle.com/ Computer security ronou
presentat Security and incidents and CO1, s
ion/d/ Incident examples
CO2
1lwO_3c Response"
EBwxZ by Keith J.
ZdJHsJk Jones et al.
2ejmmV
MDRKJ
KG4/ CO1,
edit#slid CO2
e=id.p1
Session Procedure https:// Computer Analysis of Synchr
3 Elements and docs.goo Security and various cyber onous
Sharing gle.com/ Incident incident
Information with presentat Response" statistics and
Outside Parties. ion/d/ by Keith J. formulation of
1lwO_3c Jones et al. an analysis
CO1,
EBwxZ report. CO2
ZdJHsJk
2ejmmV
MDRKJ
KG4/
edit#slid
e=id.p1
Session Incident https:// Real Digital infographic Synchr
4 Response Team docs.goo Forensics: design to onous
Structure and gle.com/ Computer implement
Team Models. presentat Security and incident
CO1,
ion/d/ Incident response policy,
1lwO_3c Response" plan, and CO2
EBwxZ by Keith J. procedure.
ZdJHsJk Jones et al.
 2ejmmV CO1,
MDRKJ CO2
KG4/
edit#slid
e=id.p1
Session Team Model https:// Computer Case study Synchr
5 Selection and docs.goo Security and discussion on onous
Incident gle.com/ Incident policy elements,
Response presentat Response" plan elements, CO1,
Personnel. ion/d/ by Keith J. and procedure CO2
1lwO_3c Jones et al. elements.
EBwxZ
ZdJHsJk
2ejmmV
MDRKJ
KG4/ CO1,
edit#slid CO2
e=id.p1
Session Dependencies https:// Real Digital Discussion on Synchr
6 within docs.goo Forensics: team model onous
Organizations gle.com/ Computer selection and
and Incident presentat Security and dependencies.
Response Team ion/d/ Incident
Services. 1lwO_3c Response"
EBwxZ by Keith J.
ZdJHsJk Jones et al.
2ejmmV
MDRKJ
KG4/
edit#slid
e=id.p1
Session Case study on https:// Computer Interactive Synchr
7 team docs.goo Security and session with onous
responsibilities gle.com/ Incident incident reports
and presentat Response" and
dependencies. ion/d/ by Keith J. prioritization
1lwO_3c Jones et al. techniques.
EBwxZ
ZdJHsJk
2ejmmV
MDRKJ
KG4/
edit#slid
e=id.p1
Session Interactive https:// Real Digital Case study Synchr
8 session on setting docs.goo Forensics: discussion on onous
up a response gle.com/ Computer response
team and roles. presentat Security and strategies for
ion/d/ Incident high-level
1lwO_3c Response" incidents.
EBwxZ by Keith J.
ZdJHsJk Jones et al.
2ejmmV
MDRKJ
KG4/
edit#slid
e=id.p1
Session Review and https:// Computer Q&A session, Synchr
9 Q&A on the docs.goo Security and review of key onous
 organization and gle.com/ Incident concepts, and
structure of presentat Response" summary of
incident response ion/d/ by Keith J. module.
capability. 1lwO_3c Jones et al.
EBwxZ
ZdJHsJk
2ejmmV
MDRKJ
KG4/
edit#slid
e=id.p1
Session Incident handling https:// Computer Interactive CO1, Synchr
1 Preparation and docs.goo Security and session with CO2, onous
Prevention. gle.com/ Incident incident reports CO3
presentat Response" and
ion/d/ by Keith J. prioritization
1PrCUz Jones et al. techniques.
o1xt9lO
RdaRC4 CO1,
WH1_6a CO2,
LXltoH9 CO3
m/
edit#slid
e=id.p1
Session Detection and https:// Real Digital Interactive Synchr
2 Analysis. docs.goo Forensics: session with onous
gle.com/ Computer incident reports CO1,
presentat Security and and CO2,
ion/d/ Incident prioritization
Module 3
CO3
1PrCUz Response" techniques.
o1xt9lO by Keith J.
RdaRC4 Jones et al.
WH1_6a
LXltoH9 CO1,
m/ CO2,
edit#slid CO3
e=id.p1
Session Attack Vectors https:// Computer Interactive Synchr
3 and Signs of an docs.goo Security and session with onous
Incident. gle.com/ Incident incident reports
presentat Response" and
ion/d/ by Keith J. prioritization
1PrCUz Jones et al. techniques.
CO1,
o1xt9lO CO2,
RdaRC4 CO3
WH1_6a
LXltoH9
m/ CO1,
edit#slid CO2,
e=id.p1 CO3
Session Sources of https:// Real Digital Interactive Synchr
4 Precursors and docs.goo Forensics: session with onous
Indicators. gle.com/ Computer incident reports
presentat Security and and
ion/d/ Incident prioritization
1PrCUz Response" techniques.
o1xt9lO by Keith J. CO1,
RdaRC4 Jones et al. CO2,
WH1_6a CO3
 LXltoH9
m/ CO1,
edit#slid CO2,
e=id.p1 CO3
Session Incident https:// Computer Interactive Synchr
5 Analysis. docs.goo Security and session with onous
gle.com/ Incident incident reports
presentat Response" and
ion/d/ by Keith J. prioritization
1PrCUz Jones et al. techniques.
o1xt9lO
RdaRC4
WH1_6a
LXltoH9
m/
edit#slid
e=id.p1
Session Incident https:// Real Digital Case study Synchr
6 Documentation. docs.goo Forensics: discussion on onous
gle.com/ Computer response
presentat Security and strategies for
ion/d/ Incident high-level
1PrCUz Response" incidents.
o1xt9lO by Keith J.
RdaRC4 Jones et al.
WH1_6a
LXltoH9
m/
edit#slid
e=id.p1
Session Incident https:// Computer Case study Synchr
7 Prioritization and docs.goo Security and discussion on onous
Notification. gle.com/ Incident response
presentat Response" strategies for
ion/d/ by Keith J. high-level
1PrCUz Jones et al. incidents.
o1xt9lO
RdaRC4
WH1_6a
LXltoH9
m/
edit#slid
e=id.p1
Session Interactive https:// Real Digital Case study Synchr
8 session on case docs.goo Forensics: discussion on onous
studies of gle.com/ Computer response
incident presentat Security and strategies for
handling. ion/d/ Incident high-level
1PrCUz Response" incidents.
o1xt9lO by Keith J.
RdaRC4 Jones et al.
WH1_6a
LXltoH9
m/
edit#slid
e=id.p1
Session Containment, https:// Computer Interactive CO3, Synchr
1 Eradication, and drive.go Security and session with CO4 onous
Recovery. ogle.co Incident incident reports
 m/ Response" and
drive/ by Keith J. prioritization
folders/ Jones et al. techniques.
1_dyAF
h0VuKg
CO3,
_aHyK
Module 4 Wo_dxQ
CO4
KfQYH
Hjoe1
Session Choosing a https:// Real Digital Interactive Synchr
2 Containment drive.go Forensics: session with onous
Strategy ogle.co Computer incident reports CO3,
m/ Security and and CO4
drive/ Incident prioritization
folders/ Response" techniques.
1_dyAF by Keith J.
h0VuKg Jones et al.
_aHyK
CO3,
Wo_dxQ
KfQYH CO4
Hjoe1
Session Evidence https:// Computer Interactive Synchr
3 Gathering and drive.go Security and session with onous
Handling. ogle.co Incident incident reports
m/ Response" and
drive/ by Keith J. prioritization
folders/ Jones et al. techniques. CO3,
1_dyAF CO4
h0VuKg
_aHyK
Wo_dxQ
KfQYH
Hjoe1
Session Identifying the https:// Real Digital Interactive CO3, Synchr
4 Attacking Hosts. drive.go Forensics: session with CO4 onous
ogle.co Computer incident reports
m/ Security and and
drive/ Incident prioritization
folders/ Response" techniques.
1_dyAF by Keith J.
h0VuKg Jones et al. CO3,
_aHyK CO4
Wo_dxQ
KfQYH
Hjoe1
Session Eradication and https:// Computer Interactive Synchr
5 Recovery. drive.go Security and session with CO3, onous
ogle.co Incident incident reports CO4
m/ Response" and
drive/ by Keith J. prioritization
folders/ Jones et al. techniques.
1_dyAF
h0VuKg
_aHyK CO3,
Wo_dxQ
CO4
KfQYH
Hjoe1
Session Post-Incident https:// Real Digital Interactive Synchr
6 Activity. drive.go Forensics: session with onous
 ogle.co Computer incident reports
m/ Security and and
drive/ Incident prioritization
folders/ Response" techniques.
1_dyAF by Keith J.
h0VuKg Jones et al.
_aHyK
Wo_dxQ
KfQYH
Hjoe1
Session Lessons Learned https:// Computer Interactive Synchr
7 Using Collected drive.go Security and session with onous
Incident Data. ogle.co Incident incident reports
m/ Response" and
drive/ by Keith J. prioritization
folders/ Jones et al. techniques.
1_dyAF
h0VuKg
_aHyK
Wo_dxQ
KfQYH
Hjoe1
Session Interactive https:// Real Digital Interactive Synchr
8 activity on drive.go Forensics: session with onous
handling ogle.co Computer incident reports
incidents post- m/ Security and and
attack. drive/ Incident prioritization
folders/ Response" techniques.
1_dyAF by Keith J.
h0VuKg Jones et al.
_aHyK
Wo_dxQ
KfQYH
Hjoe1
Session Review and https:// Real Digital Interactive Synchr
9 Q&A on drive.go Forensics: session with onous
containment, ogle.co Computer incident reports
eradication, and m/ Security and and
recovery drive/ Incident prioritization
strategies. folders/ Response" techniques.
1_dyAF by Keith J.
h0VuKg Jones et al.
_aHyK
Wo_dxQ
KfQYH
Hjoe1
Session Incident https:// Computer Case study CO3, Synchr
1 Prioritization drive.googl Security and discussion on CO4, onous
e.com/ Incident response CO5
drive/ Response" strategies for
folders/ by Keith J. high-level
1_dyAFh0 Jones et al. incidents.
VuKg_aHy
CO3,
KWo_dxQ CO4,
KfQYHHjo CO5
e1
Session Incident https:// Real Digital Q&A session, Synchr
2 Response drive.go Forensics: review of key onous
ogle.co Computer concepts, and
Module 5 m/ Security and summary of
drive/ Incident module.
folders/ Response" CO3,
1_dyAF by Keith J. CO4,
h0VuKg Jones et al.
CO5
_aHyK
Wo_dxQ
KfQYH
Hjoe1
Session Incident https:// Real Digital Case study Synchr
3 Handling drive.go Forensics: discussion on CO3, onous
ogle.co Computer response CO4,
m/ Security and strategies for CO5
drive/ Incident high-level
folders/ Response" incidents.
1_dyAF by Keith J.
h0VuKg Jones et al. CO3,
_aHyK
CO4,
Wo_dxQ
KfQYH CO5
Hjoe1
Session Disaster https:// Computer Q&A session, Synchr
4 Recovery drive.go Security and review of key onous
ogle.co Incident concepts, and
m/ Response" summary of CO3,
drive/ by Keith J. module. CO4,
folders/ Jones et al. CO5
1_dyAF
h0VuKg
_aHyK
Wo_dxQ
KfQYH
Hjoe1
Session Technologies and https:// Real Digital Case study CO3, Synchr
5 Impacts drive.go Forensics: discussion on CO4, onous
ogle.co Computer response CO5
m/ Security and strategies for
drive/ Incident high-level
folders/ Response" incidents.
1_dyAF by Keith J. CO3,
h0VuKg Jones et al. CO4,
_aHyK CO5
Wo_dxQ
KfQYH
Hjoe1
Session Virtualization https:// Real Digital Q&A session, Synchr
6 and Impacts drive.go Forensics: review of key onous
ogle.co Computer concepts, and CO3,
m/ Security and summary of CO4,
drive/ Incident module. CO5
folders/ Response"
1_dyAF by Keith J.
h0VuKg Jones et al.
_aHyK
Wo_dxQ
KfQYH
Hjoe1
Session Estimated Cost https:// Computer Case study Synchr
7 of an Incident drive.go Security and discussion on onous
 ogle.co Incident response
m/ Response" strategies for
drive/ by Keith J. high-level
folders/ Jones et al. incidents.
1_dyAF
h0VuKg
_aHyK
Wo_dxQ
KfQYH
Hjoe1
Session Incident https:// Real Digital Q&A session, Synchr
8 Reporting drive.go Forensics: review of key onous
Organizations ogle.co Computer concepts, and
m/ Security and summary of
drive/ Incident module.
folders/ Response"
1_dyAF by Keith J.
h0VuKg Jones et al.
_aHyK
Wo_dxQ
KfQYH
Hjoe1
Session Vulnerability https:// Real Digital Case study Synchr
9 Reports and drive.go Forensics: discussion on onous
Incident ogle.co Computer response
Identification m/ Security and strategies for
drive/ Incident high-level
folders/ Response" incidents.
1_dyAF by Keith J.
h0VuKg Jones et al.
_aHyK
Wo_dxQ
KfQYH
Hjoe1

Assessment Sheet with Rubrics for Grading & Evaluation

Activity-1 MOOC
Originality
Conclusion with of Report
Student Certificatio On-time Learning Outcome (less than
USN Name n Submission in Report 12%) Total Conversion
 15 Marks 5 Marks 20 Marks 10 Marks 50 15 Marks
Marks

Activity-2 Mini project

Abstract Coding and Originality of Report

On-time Synopsis Report with
Submissio implementatio (less than 12%) Total Conversion
Submission submission Identification Conclusion
n n
Stud
Sr.USN ent
No.No. Nam
e 5 10 5 5 10 10 50 15
10 Marks
Marks Marks Marks Marks Marks Marks Marks Marks