CIS*6580 - Security Monitoring and Cyber Threat Hunting

Course Description

This course provides a comprehensive review of tools, techniques, and procedures for monitoring network events and assets to build a secure network architecture. It then looks at methods for hunting attackers that could bypass designed network defence mechanisms in an enterprise.

Learning Outcomes

Upon successful completion of this course, students will have demonstrated the ability to:

Identify, interpret, and evaluate continuous monitoring and cyber threat hunting requirements of organizations of different sizes;
Examine deficiencies in existing network architectures to build a defensible architecture that supports continuous monitoring;
Leverage different machine learning and data mining techniques to build intelligent data-driven systems for active defence;
Integrate legal and ethical requirements and best practices in monitoring network activities; and
Work collaboratively in teams to conduct research and communicate rational and reasoned arguments using appropriate methods.

Course Topics

Introduction, privacy and ethical issues in network monitoring and threat hunting
Setting up network monitoring and threat hunting infrastructure
Applied machine learning for cyber threat detection and analysis
Network attacks, attack tools and network monitoring
Proactive network threat hunting and monitoring
Network events and attack analysis
Network vulnerability management and automated threat hunting

Assessment

Assessment Item	Weight
Assignment	50%
Practical Exam	50%
Total	100%

Technical Requirements

You are responsible for ensuring that your computer system meets the necessary system requirements. Use the browser check tool to ensure your browser settings are compatible and up to date (results will be displayed in a new browser window).

*Course details are subject to change.