Cyber Incident Handling
BASIC DATA
course listing
A - main register
course code
ITC8270
course title in Estonian
Küberintsidentide haldamine
course title in English
Cyber Incident Handling
course volume CP
-
ECTS credits
6.00
to be declared
yes
fully online course
not
assessment form
Graded assessment
teaching semester
autumn - spring
language of instruction
Estonian
English
Study programmes that contain the course
code of the study programme version
course compulsory
no
Structural units teaching the course
IT - Department of Software Science
Timetable link
Version:
VERSION SPECIFIC DATA
course aims in Estonian
Aine eesmärk on anda üliõpilasele baasteadmised turbekeskuses (SOC) töötamiseks, et ta oleks võimeline osalema küberintsidendile reageerimisel.
course aims in English
The aim of this course is to give the student foundational knowledge required to work in a security operation center (SOC) and participate in cyber incident response.
learning outcomes in the course in Est.
Õppeaine läbinud üliõpilane:
- oskab luua luua intsidendi halduse meeskonda;
- haldab küberintsidente, säilitades vajalikud tõendid ja tõendite ahelad;
- loob intsidendihalduse süsteemi ja haldab koostööd õiguskaitseorganite ning intsidendihaldajate vahel;
- loob protseduurid tõendite ja intsidentide haldamiseks.
- oskab luua luua intsidendi halduse meeskonda;
- haldab küberintsidente, säilitades vajalikud tõendid ja tõendite ahelad;
- loob intsidendihalduse süsteemi ja haldab koostööd õiguskaitseorganite ning intsidendihaldajate vahel;
- loob protseduurid tõendite ja intsidentide haldamiseks.
learning outcomes in the course in Eng.
After completing this course, the student:
- is able to establish incident handling team and typical team designs;
- manages cyber incidents, preserving needed evidence and chain of evidence;
- builds incident management system and manages cooperation between law enforcement and incident handlers;
- establishes procedures for evidence and incident management.
- is able to establish incident handling team and typical team designs;
- manages cyber incidents, preserving needed evidence and chain of evidence;
- builds incident management system and manages cooperation between law enforcement and incident handlers;
- establishes procedures for evidence and incident management.
brief description of the course in Estonian
Triaaž ja intsidendihaldus
Intsidendihalduse protseduuride loomine ja testimine
Suuremahulise intsidendi haldus
Koostöö õiguskaitseorganitega
Küberkuriteo jälgede identifitseerimine ja käsitlemine
Intsidendihaldus ja koostöö õngitsemisjuhtumite korral
Õiguskaitseorganite vaade turvaintsidentidele
Õiguskaitseorganite vajadused tõnedite analüüsil
(Laua)õppused intsidendihalduse võime arendamises
Intsidendihalduse protseduuride loomine ja testimine
Suuremahulise intsidendi haldus
Koostöö õiguskaitseorganitega
Küberkuriteo jälgede identifitseerimine ja käsitlemine
Intsidendihaldus ja koostöö õngitsemisjuhtumite korral
Õiguskaitseorganite vaade turvaintsidentidele
Õiguskaitseorganite vajadused tõnedite analüüsil
(Laua)õppused intsidendihalduse võime arendamises
brief description of the course in English
Triage and basic incident handling
Creating incident handling procedures and testing
Large scale incident handling
Cooperation with Law Enforcement agencies
Identifying and handling cyber-crime traces
Incident handling and cooperation during phishing campaign
Law enforcement view of computer security incidents
Law enforcement needs for evidence analysis
Role of (tabletop) exercises in developing incident handling capability
Creating incident handling procedures and testing
Large scale incident handling
Cooperation with Law Enforcement agencies
Identifying and handling cyber-crime traces
Incident handling and cooperation during phishing campaign
Law enforcement view of computer security incidents
Law enforcement needs for evidence analysis
Role of (tabletop) exercises in developing incident handling capability
type of assessment in Estonian
-
type of assessment in English
-
independent study in Estonian
-
independent study in English
-
study literature
Kursuse Moodle'i lehel. // On the course Moodle page. Link in the extended syllabus.
Kui te ei ole küberkaitse magistriõppe üliõpilane, palun võtke parooli saamiseks ühendust õppejõuga. // If you are not a Cyber Security MSc student, please contact the professor for the password.
Kui te ei ole küberkaitse magistriõppe üliõpilane, palun võtke parooli saamiseks ühendust õppejõuga. // If you are not a Cyber Security MSc student, please contact the professor for the password.
study forms and load
daytime study: weekly hours
4.0
session-based study work load (in a semester):
lectures
2.0
lectures
-
practices
0.0
practices
-
exercises
2.0
exercises
-
lecturer in charge
-
LECTURER SYLLABUS INFO
semester of studies
teaching lecturer / unit
language of instruction
Extended syllabus or link to Moodle or to home page
2025/2026 autumn