CS 232 — Applied Security Frameworks in Security Operations
In this hands-on course, students learn how major cybersecurity frameworks directly support real-world Security Operations Center (SOC) workflows. By connecting strategic governance models such as the NIST Cybersecurity Framework and ISO/IEC 27001 with tactical operational models like MITRE ATT&CK, students examine how organizational policy shapes daily monitoring, detection engineering, and alert triage. Working within pre-configured virtual machine environments and open-source SIEM tools (such as Wazuh or Security Onion), students analyze log data, identify actionable security events, and confidently distinguish them from normal business operations. Responsible AI practices are integrated throughout the course as students use AI-assisted tools for SIEM query generation and log summarization while documenting verification steps for accuracy, completeness, and data privacy. By the end of the course, students will be able to triage alerts, map technical findings to relevant framework controls, and produce clear, actionable escalation tickets and handoff reports for Tier 2 analysts and other operational stakeholders.