The SANS Technology Institute offers a post-baccalaureate certificate in Incident Response, based entirely upon four courses already available as an elective path through its graduate program leading to a Master of Science Degree in Information Security Engineering.
As an independent offering, the graduate certificate in Incident Response is a highly technical, 13 credit hour program with a cohesive and progressive set of learning outcomes. These learning outcomes are focused on developing the student's capability to manage both computer- and network-based forensics investigations as well as the appropriate incident responses.
Because the certificate program is based on the courses that may be chosen by a master's candidate during the normal course of studies, all credits earned while completing the Incident Response certificate program may be applied directly in fulfillment of the master's degree requirements should the student matriculate in the master's program within five years of earning the certificate.
Incident Response Certificate - 13 credit hours
Required courses:
SANS class: SEC504 Hacker Techniques, Exploits & Incident Handling
Assessment: GIAC GCIH, NetWars Continuous
4 Credit Hours
By adopting the viewpoint of a hacker, ISE 5200 provides an in-depth focus on the critical activity of incident handling. Students are taught how to manage intrusions by first looking at the techniques used by attackers to exploit a system. Students learn responses to those techniques, which can be adopted within the framework of the incident handling process to handle attacks in an organized way. The faculty instruction, lab exercises, exam, and NetWars simulation are coordinated to develop and test a student's ability to utilize the core capabilities required for incident handling.
SANS class: FOR 508 Advanced Digital Forensics, Incident Response, and Threat Hunting
Assessment: GIAC GCFA
3 Credit Hours
ISE 6425 teaches the necessary capabilities for forensic analysts and incident responders to identify and counter a wide range of threats within enterprise networks, including economic espionage, hacktivism, and financial crime syndicates. The course shows students how to work as digital forensic analysts and incident response team members to identify, contain, and remediate sophisticated threats, including nation-state sponsored Advanced Persistent Threats and financial crime syndicates. Students work in a hands-on lab developed from a real-world targeted attack on an enterprise network in order to learn how to identify what data might be stolen and by whom, how to contain a threat, and how to manage and counter an attack.
SANS class: FOR 572 Advanced Network Forensics and Analysis
3 Credit Hours
ISE 6440: Advanced Network Forensics and Analysis focuses on the most critical skills needed to mount efficient and effective post-incident response investigations. Moving beyond the host-focused experiences in ISE 6420 and ISE 6425, ISE 6440 covers the tools, technology, and processes required to integrate network evidence sources into investigations, covering high-level NetFlow analysis, low-level pcap exploration, and ancillary network log examination. Hands-on exercises in FOR 572 cover a wide range of open source and commercial tools, and real-world scenarios help the student learn the underlying techniques and practices to best evaluate the most common types of network-based attacks.
SANS class: FOR 610 Reverse-Engineering Malware: Malware Analysis Tools and Techniques
Assessment: GIAC GREM
3 Credit Hours
Download the Incident Response Certificate Program Briefing Document in .pdf format.
Over the past few years, digital crime and intrusions have increased, and Fortune 500 companies are beginning to detail data breaches and hacks: the 2013 Verizon Data Breach report spanned 47,000 security incidents, 621 confirmed data disclosures, and at least 44 million compromised records, affecting nearly every industry and company size evaluated. In this same report, Verizon notes that "70% of breaches were discovered by external parties who then identified the victim...admittedly better than the 92% observed in [last year's report]." The need for professionals inside organizations who can identify and respond to incidents before they are discovered by clients or customers is self-evident and large.
Graduates of the Incident Response post-baccalaureate certificate program will be able to:
- Explain the role of digital forensics and incident response in the field of information security, and recognize the benefits of applying these practices to both hosts and networks when investigating a cyber incident.
- Analyze the structure of common attack techniques in order to evaluate an attacker's footprint, target the ensuing investigation and incident response, and anticipate and mitigate future activity.
- Evaluate the effectiveness of available digital forensic tools and use them in a way that optimizes the efficiency and quality of digital forensic investigations.
- Utilize multiple malware analysis approaches and tools to understand how malware programs interact with digital environments and how they were coded, in order to reverse the effects of the program on networks and systems.
For additional, detailed technical goals for each course, please review the educational goals listed for each SANS class.
Tuition for each course in a certificate program is $5,000, and all courses may be taken either live at a SANS event or online from home or work. Credit is earned only when a student enrolls first in a given certificate program and then registers for the appropriate graduate courses.
Admissions to the Incident Response Certificate Program
To apply, please view the Admissions Page dedicated to the SANS Graduate Certificate Programs.