CS 6261: Security Incident Response

Instructional Team

Jimmy Lummis
Instructor
Christopher Craig
Instructor
Kyle Koza
Instructor
Ross Neufeld
Head TA

Overview

This course provides students with the background information and skill sets necessary to participate in and lead a cyber security incident response effort.

This course is not foundational and does not count toward any specializations at present, but it can be counted as a free elective.

Course Goals

After completing the course, students should be able to:

  • Understand the foundational tools necessary to have a successful incident response program.
  • Understand modern incident response methods and apply those methods to create an incident response process.
  • Observe suspicious IT behavior and discern malicious activity.
  • Apply methods of containing, eradicating, and responding to an emerging cybersecurity threat.
  • Evaluate performance of a prior incident in order to improve future processes.

Sample Syllabi

Spring 2025 syllabus (PDF)
Fall 2024 syllabus (PDF)
Spring 2024 syllabus (PDF)

Note: Sample syllabi are provided for informational purposes only. For the most up-to-date information, consult the official course documentation.

Before Taking This Class...

Suggested Background Knowledge

Students should have some familiarity with system logs and log analysis tools like Splunk. Students should also have an understanding of how computer systems and networks function.

Technical Requirements and Software

See Georgia Tech's hardware and software requirements.

Academic Integrity

All Georgia Tech students are expected to uphold the Georgia Tech Academic Honor Code. This course may impose additional academic integrity stipulations; consult the official course documentation for more information.