course-details-portlet

IIKG3020

Introduction to incident response

Credits 7.5
Level Third-year courses, level III
Course start Autumn 2025
Duration 1 semester
Language of instruction Norwegian
Location Gjøvik and Trondheim
Examination arrangement Aggregate score

About

About the course

Course content

  • Incident response planning: preparation, organization, building and running a CSIRT, operational issues, hiring and training of personnel
  • Incident response: prevention, detection, notification, reaction, recovery, maintenance
  • Advanced computer network defence: vulnerability and threat management, threat intelligence and situational awareness, tools and processes, frameworks (ATT&CK, Cyber Kill Chain, etc.), threat hunting, information sharing
  • Planning and running incident response team exercises

Learning outcome

Knowledge

  • The student understands cyber incident response and its components.
  • The student has a good overview of known frameworks and tools for incident response.
  • The student has general knowledge of planning for incident response readiness and managing the operational aspects of the incident response team.
  • The student has general knowledge of how to perform incident response for various types of adverse incidents, including intrusions from advanced threat actors.

Skills

  • The student can plan for and handle larger and smaller cyber incidents.
  • The student can organize an incident response team in a manner that ensures good handling of incidents while also making sure staff burnout is avoided.

General Competence

  • The student has broad knowledge of cyber incident response and is able to communicate this to others.

Learning methods and activities

  • Online lectures
  • Group project work

Project and lab assignments will be facilitated across Trondheim and Gjøvik campuses.

Further on evaluation

  • Digital written school examination counts for 40%
  • The project counts for 60%
  • Both parts must be passed.

Re-sit examination in August. Re-sit examination can be changed from digital written school exam to oral exam. No re-sit for the project, the project work has to be redone next course dates.

Retake can be carried out for some partial assessments without all partial assessments having to be taken up again.

Specific conditions

Admission to a programme of study is required:
Digital Infrastructure and Cyber Security (BDIGSEC)
Digital Infrastructure and Cyber Security (MSTCNNS)
Information Security (MIS)
Information Security (MISD)
Information Security (MISEB)

Required previous knowledge

None

Course materials

Eleven Strategies of a World-Class Cybersecurity Operations Center, Kathryn Knerler, Ingrid Parker, Carson Zimmermann, The MITRE Corporation, 2022. Free e-book available from:

https://www.mitre.org/sites/default/files/2022-04/11-strategies-of-a-world-class-cybersecurity-operations-center.pdf

Other course material will be made available via the learning portal.

Credit reductions

Course code Reduction From
IMT3004 5 sp Autumn 2021
IMT3521 7.5 sp Autumn 2021
IMT4841 7.5 sp Autumn 2021
This course has academic overlap with the courses in the table above. If you take overlapping courses, you will receive a credit reduction in the course where you have the lowest grade. If the grades are the same, the reduction will be applied to the course completed most recently.

Subject areas

  • Information Security

Contact information

Course coordinator

Department with academic responsibility

Department of Information Security and Communication Technology

Examination

Examination

Examination arrangement: Aggregate score
Grade: Letter grades

Ordinary examination - Autumn 2025

School exam
Weighting 40/100 Examination aids Code E Date 2025-12-05 Time 09:00 Duration 2 hours Exam system Inspera Assessment
Place and room for school exam

The specified room can be changed and the final location will be ready no later than 3 days before the exam. You can find your room location on Studentweb.

Sluppenvegen 14
Room SL310 blå sone
6 candidates
Room SL111 grønn sone
2 candidates
Room SL110 hvit sone
3 candidates
Room SL311 lyseblå sone
4 candidates
Smaragd
Room S410
35 candidates
Project Assignment
Weighting 60/100 Exam system Inspera Assessment

Re-sit examination - Summer 2026

School exam
Weighting 40/100 Examination aids Code E Duration 2 hours Exam system Inspera Assessment Place and room Not specified yet.