NCC 240: SECURITY OPERATIONS CENTER FUNDAMENTALS

COURSE NUMBER

NCC 240

CREDIT / UNIT HOURS

4

PRE-REQUISITES

NCC 219: Network Forensics and Incident Response

RECOMMENDED TEXT BOOK

TBD

ISBN

TBD

COURSE LAB

TBD


DESCRIPTION

4 credit/unit hours – Four hours of lecture weekly; one term

This course is designed as an introduction to Security Operations Centers (SOCs) and the work analysts do in them. The course material and hands-on lab exercises prepare students for work as a Tier 1 Analyst in a SOC, performing duties such as mapping networks, scanning systems for vulnerabilities, monitoring networks and hosts, and administering Security Information and Event Management (SIEM) systems.

LEARNING OBJECTIVES

Upon completion of this course the learner will be able to:

    • Monitor, detect, and analyze potential intrusions in real time and through historical trending on security-relevant data sources;
    • Scan systems for vulnerabilities;
    • Operate Computer Network Defense (CND) technologies (e.g., Intrusion Detection Systems (IDSes), data collection/analysis systems);
    • Describe countermeasure deployment coordination measures;
    • Provide situational awareness and reporting on cybersecurity status, incidents, and trends in adversary behavior to appropriate personnel;
    • Leverage information from a variety of external sources that provide insight into threats, vulnerabilities, and adversary Tactics, Techniques, and Procedures (TTPs); and
    • Operate as part of an Incident Response (IR) team.

MAIN TOPICS

1.0 Introduction to a Security Operations Center (SOC)

    • What is it?
    • Mission and operations tempo
    • Characteristics
    • Capabilities
    • Situational awareness
    • Incident tip-offs
    • Tools and data quality
    • Agility

2.0 Building a SOC

    • People
    • Processes
    • Tools
    • Threat intelligence
    • Written authorities
    • Other enabling policies

3.0 Staffing

    • Capabilities
    • Capability maturation
    • Mind-set
    • Background
    • Skillset
    • Work roles
    • Retention

4.0 Technologies

    • Asset inventory
    • Network mapping
    • Vulnerability scanning
    • Network monitoring
    • Host monitoring and defense
    • Security Information and Event Management (SIEM)

5.0 Data Gathering

    • Sensor placement
    • Cost
    • Selecting and instrumenting data sources

6.0 Securing the SOC

    • Isolating network sensors
    • Designing the SOC enclave
    • Sources and methods

7.0 Cybersecurity Threat Intelligence

    • Cybersecurity Threat Analysis Cell (CTAC)
    • Where to get it, what to do with it

8.0 Incident Response (IR)

    • IR preparation
    • Incident identification
    • Containment, eradication, recovery
    • Impact analysis
    • Communication during the IR process

© 2025 Cyber Ready Professional Consortium