course aims in Estonian
Aine eesmärk on anda üliõpilasele baasteadmised turbekeskuses (SOC) töötamiseks, et ta oleks võimeline osalema küberintsidendile reageerimisel.
course aims in English
The aim of this course is to give the student the foundational knowledge required to work in a security operations center (SOC) and to participate in cyber incident response.
learning outcomes in the course in Est.
Õppeaine läbinud üliõpilane:
- oskab luua intsidendi halduse meeskonda;
- haldab küberintsidente, säilitades vajalikud tõendid ja tõendite ahelad;
- loob intsidendihalduse süsteemi ja haldab koostööd õiguskaitseorganite ning intsidendihaldajate vahel;
- loob protseduurid tõendite ja intsidentide haldamiseks.
learning outcomes in the course in Eng.
After completing this course, the student:
- is able to establish an incident handling team and typical team designs;
- manages cyber incidents, preserving the needed evidence and the chain of evidence;
- builds an incident management system and manages cooperation between law enforcement and incident handlers;
- establishes procedures for evidence and incident management.
brief description of the course in Estonian
Triaaž ja intsidendihaldus
Intsidendihalduse protseduuride loomine ja testimine
Suuremahulise intsidendi haldus
Koostöö õiguskaitseorganitega
Küberkuriteo jälgede identifitseerimine ja käsitlemine
Intsidendihaldus ja koostöö õngitsemisjuhtumite korral
Õiguskaitseorganite vaade turvaintsidentidele
Õiguskaitseorganite vajadused tõendite analüüsil
(Laua)õppused intsidendihalduse võime arendamises
brief description of the course in English
Triage and basic incident handling
Creating incident handling procedures and testing
Large-scale incident handling
Cooperation with law enforcement agencies
Identifying and handling cyber-crime traces
Incident handling and cooperation during a phishing campaign
Law enforcement view of computer security incidents
Law enforcement needs for evidence analysis
Role of (tabletop) exercises in developing incident handling capability
type of assessment in Estonian
-
type of assessment in English
-
independent study in Estonian
-
independent study in English
-
study literature
Kursuse Moodle'i lehel. // On the course Moodle page. Link in the extended syllabus.
Kui te ei ole küberkaitse magistriõppe üliõpilane, palun võtke parooli saamiseks ühendust õppejõuga. // If you are not a Cyber Security MSc student, please contact the professor for the password.
study forms and load
daytime study: weekly hours
4.0
session-based study work load (in a semester):