NICE Framework Analysis Report

Generated on 2025-03-17 17:39:39

Learning Object Metadata

Students learn about Incident Response (IR) strategies, including prevention and containment. They also learn how to create an Incident Response Plan.

ncyte

Analysis Summary

The learning object provides strong coverage of knowledge of incident response principles and practices, with solid information on the phases of incident response, incident containment strategies, and key parts of an incident response plan. It also supports the ability to perform incident management processes by teaching this content. There is some additional relevant coverage of organizational knowledge and evidence handling skills, though these are not the primary focus. Overall, the content aligns well with core incident response elements in the NICE Framework.

Improvement Suggestions

To improve alignment with the NICE Framework, the learning object could provide more detail on specific procedures and standards for preserving evidence integrity during incident response. It could also incorporate more information about the impact of incidents on an organization's high-level business processes and mission. However, the core incident response principles and practices are already well covered.

NICE Framework Mappings

Found 4 mappings to NICE framework elements.

| Element ID | Type | Confidence | Evidence |
|---|---|---|---|
| K0042 | Knowledge | 100% | The learning object covers incident response strategies, phases of incident response based on NIST SP 800-61, incident containment, and components of an incident response plan. This aligns strongly with knowledge of incident response principles and practices. |
| K0146 | Knowledge | 80% | The content mentions some common types of incidents that may occur in SCADA/ICS systems, indicating the learning object provides some context on incidents impacting an organization's core industrial control processes and mission. However, the coverage of this element is not as strong or direct as the incident response knowledge. |
| S0047 | Skill | 70% | The learning object briefly covers evidence gathering and handling during incident containment, including maintaining chain of custody. This provides some coverage of skills in preserving evidence integrity, but more details could be provided on the specific procedures and standards to follow. |
| T0259 | Task | 90% | By teaching the phases of incident response and components of an incident response plan, the learning object helps enable learners to perform incident management processes. The coverage aligns well with this task element, though some more specific details could be provided on executing the processes. |

Original Learning Object

View this learning object on the CLARK repository:

Direct URL: https://clark.center/details/ncyte_center/0277d7c4-7a2b-483b-96d3-6736dd58191a