CS 285 Cybersecurity Operations

This course is designed to teach students basic incident response and incident handling, including identifying sources of attacks and security breaches, analyzing security logs and network traffic, performing postmortem analysis, and implementing and modifying security measures. It will provide them with the fundamental knowledge and core skills needed to begin working in a Security Operations Center (SOC) as a junior analyst.

Credits

4

Prerequisite

CS 189 or CS 279, and CS 284 

Course Learning Outcomes

Upon successful completion of this course, the student will be able to:
1. Learn basic incident analysis methods using industry-standard tools
2. Explain basic event correlation, normalization, and metrics of event data
3. Describe common attack vectors against networks and hosts
4. Understand SOC workflow management systems and automation
5. Interpret log data to identify malicious activity on Windows and Linux hosts
6. Apply security monitoring techniques to identify sources and types of data and events