UC2IRF10 Incident Response Fundamentals
UC2IRF10 Incident Response Fundamentals
- Course description
- NQF LevelBachelor's degree (Level 6 1. Cycle)
- Area of StudyComputing
- Program of StudyDigital Forensics and Incident Response
- ECTS10
- CampusKristiansand, OnlinePLUS - Bergen, OnlinePLUS - Oslo, Online
- Course LeaderEmlyn Butterfield
Language of Instruction and assessment: English
May be offered on Campus and Online.
May be offered as a separate course.
Included in the following bachelor's degrees:
- Digital Forensics and Incident Response
This course aims to provide students with foundational skills required for incident response. It exposes students to the necessary tools, techniques, and procedures to effectively identify, contain, and remediate incidents initiated by various adversaries. Emphasis is placed on understanding main process models used in incident response such as NIST and SANS, and the fundamental concepts of identifying and preserving evidence during an incident. Students gain practical skills in incident response processes, documenting incidents, planning, processing, and analysing digital incidents, as well as identifying and preserving potential evidence.
The student has knowledge of
| K1 | the main process models used in incident response, including NIST and SANS process models. |
|---|---|
| K2 | the fundamental concepts of evidence sources when dealing with an incident. |
| K3 | the importance of proper documentation and evidence preservation. |
The student gain skills in
| S1 | incident response processes and best practices. |
|---|---|
| S2 | proper documenting of an incident. |
| S3 | an ability to plan, process and analyse a digital incident. |
| S4 | identification of potential evidence sources. |
| S5 | preservation of potential evidence. |
The student can demonstrate
| G1 | systematically approaching an incident and deal with the initial stages. |
|---|
- Fundamental incident response concepts
- Incident Response processes
- Evidence and information identification
- Preservation of evidence and information
- Incident handling techniques
- Teaching will be based on a hybrid-flexible approach. Instructor-led face-to-face learning is combined with online learning in a flexible course structure that gives students the option of attending sessions in the classroom, participating online, or doing both.
- All activities require active student participation in their own learning.
- Learning delivery methods and available resources will be selected to ensure constructive alignment with course content, learning outcomes and assessment criteria.
- Students will be taught using a mixture of guidance, self-study, and lecture material. Topics will be introduced in a series of weekly lectures. The guidance sessions will be directed practical exercises and reading in which students can explore topics with support from a teacher. This material will also require students to self-manage their time to ensure tasks are completed and the theory is fully understood. This will allow the students to fully engage with lectures and with their peers.
- Learning resources are available in the LMS and include, but is not limited to:
- literature and online reading material (essential and recommended)
- streams, recordings and other digital resources, where applicable
- video conferencing and communication platforms, if applicable
- tools, software and libraries, where applicable
- Students must have access to an internet connection, and suitable hardware.
- Accessing live streams and virtual laboratories requires a minimum broadband connection of 2Mbps (4Mbps recommended).
- Students working on their own laptop/computer are required to acquire appropriate communications software, e.g., webcam, microphone, headphones.
The reading list for this course and any additional electronic resources will be provided in the LMS.
| Activity | Duration |
|---|---|
Teacher-led activity | 39 |
Teacher-supported work | 48 |
Self-study | 163 |