I. Define the concept of intrusion and how it is a type of attack on information assets in which the instigator attempts to enter a system or disrupt the normal operations of a system with the intent to do malicious harm.
II. Discuss intrusion prevention, which consists of activities that seek to deter an intrusion from occurring.
III. Identify the purpose of instruction detection and why it is important to have up to date systems in place so that losses are minimal and interruptions to business are much in the same.
IV. Compare and contrast the differences between intrusion detection systems (IDS) and intrusion detection and prevention systems (IDPS). Explain why IDSs are less frequently used now than IDPSs.
V. Discuss how system administrators can choose the configuration of the various alerts and the associated alarm levels for each type of alert.
VI. Review response techniques that are recommended from NIST Special Publication (SP) 800-94 Rev. 1.