Incident Response and Investigations

Learn to identify, analyze, and minimize the costs of a cyber attack or an ongoing incident through risk reduction measures.

Level	Master
Location	Session-based
Points	7.5
Price	kr 22 950
Amount of hand-ins	1+
Admission requirements
Form type	Full-time/Part-time
Subject supervisor	Toktam Ramezanifarkhani
Subject code	3234
Subject description	No description

Incident response (IR) is an approach to handling various categories of security incidents, cyber threats, and data leakage. The incident response methodology aims to identify, analyze, and minimize the cost of a cyberattack or a live incident by mitigation techniques. A well-designed IR plan can fix a potential vulnerability to prevent future attacks and propagation of the attacks. The response is a part of incident handling, which looks at the logistics, communications, synchronicity, and planning required to resolve an incident. This course includes investigation, reporting, analysis, and response.

Learning outcomes

Upon completion of this course, the students will be ready to deal with real security incidents. They will possess the capability to establish an intuitive and customizable system for incident management in initial response statistics. Additionally, they will be able to use accurately reported information and details of the incident to provide a proper response. With a solid understanding of the incident response process, the student will be able to act accordingly. They will apply the NIST's phases of the incident response lifecycle and effectively utilize the steps of an incident response plan. Furthermore, they will demonstrate the ability to determine the critical components of the network and identify points of failures in order to address them appropriately. Ultimately, the student will be able to form a comprehensive cyber security incident response plan.

Subject details

To be qualified for enrolment in the experience-based Master in Cyber Security program, applicants must meet the following requirements:

The candidate must have a Bachelor relevant degree in the fields of Software Engineering, Information Security, Computer Science, Information Technology, Information Systems, Human Computer Interaction, or related disciplines with an average grade of minimum examination grade of C, which is equal to minimum 2.7 ECTS.

At least 2 years of relevant professional practical experience related to any of the fields of Cyber Security is required.

The candidates must demonstrate programming knowledge (at least 7.5 ECTS of relevant courses with a minimum grade C) or relevant experience in, e.g., Python, Java, C/C++

The candidates must demonstrate fundamental knowledge about cyber security principles (at least 7.5 ECTS of relevant courses) or relevant experience, including understanding of Confidentiality, Integrity, and Availability as well as relevant frameworks such as NIST cyber security framework.

Documentation deadline

You must submit documentation confirming your eligibility for admission within 30 days of purchase. Please note that access to the learning platform and participation in classes require an admission decision.

Application deadline: as soon as possible and no later than the day of the first gathering.
Exam information: click here

Exam duration: 6 weeks

Exam withdrawal deadline: 14 days prior to exam submission

Exam format: Individual portfolio exam

Exam submission and hand in: 23/4-24 – 4/6-24
The curriculum for 3234 Incident Response and Investigations will be published in mid-November 2023.

You are responsible for purchasing the course literature, and you are free to buy the books from wherever you prefer. Here, we have gathered some tips on where you can buy new and used course books online.
Absolute prerequisites (beyond the admission requirements):
None

Recommended prerequisites (beyond the admission requirements):
Information Technology, Cybersecurity, Machine Learning
Lecture 1: 26/2-24
Lecture 2: 27/2-24
Lecture 3: 22/4-24
Lecture 4: 23/4-24

Attendance at the lectures is not mandatory.

Kristiania University College reserves the right to make changes to the lecture dates.

Access to the Canvas learning platform: 16/1/2024
This course is specially designed for those who want to combine studies with work. The teaching is conducted through physical gatherings and digital support on the Canvas learning platform.

The educational approach is based on project-based and problem-based learning, using real cases connected to theory. The cases can even come from your own workplace, allowing you to explore practice within your own organization. This approach also applies to choosing a topic for a potential future master's thesis.
You can pay by invoice, card, installment, or make arrangements with another payer. Read more about financing here.

You can also apply for support from the Norwegian State Educational Loan Fund (Lånekassen).

This subject is included in

Experience-based Master in Cyber Security