Incident Preparedness and Response

3 Day Classroom  •  3 Day Live Online
3 Day Training at your location.
Adjustable to meet your needs.
Individual: $1795.00
Group Rate: $1595.00
GSA Discount: $1292.40
When training eight or more people, onsite team training offers a more affordable and convenient option.
Overview

In today's world of uncertainty, it is necessary to be prepared for a wide range of data security incidents. This course takes the candidate through the critical steps required to prepare for the inevitable incident. The course covers all the phases of incident preparation and response, from the pre-planning stages to the post-incident root cause analysis that leads to procedural changes designed to prevent similar incidents from happening in the future.

Real-world incident response examples are used throughout the course both to illustrate proper incident handling procedures and to demonstrate the results of poor planning and implementation.

  • Understand the importance of creating well defined incident response plans
  • Understand the criticality of assessing what could happen to their business
  • Develop plans for detecting incidents either during or immediately after incident initiation so that appropriate actions can be taken to protect the company and customer information
  • Develop working relationships with law enforcement and discover when to involve them in a corporate incident
  • Understand the importance of having processes in place to assess the criticality of incidents as they are uncovered
  • Discover the importance of empowering users to report suspicious activity

Course Outline

1. Identification and SOC operations
Students will discover Security Operations Center tools and techniques. IDS, IPS, antivirus, and firewall alerts as well as Syslog information from servers and end stations are all gathered and correlated by security incident and event monitoring devices. Understand the procedures for collecting and correlating security breach information and discover how to identify significant security events from the clutter of insignificant and unrelated events.

2. Incident Response Policy, Authorization and Team Creation
Discover how to create an incident response policy that gives an organization the ability and authority to respond to any incident without unnecessary delay caused by seeking executive approval when time is of the essence. Create an incident response team by identifying the proper skill sets required to effectively implement a planned response.

3. Preparing to Handle an Incident
Timely and effective response requires pre-action planning, training and preparation. Students will learn how to create action plans that will be executed when a crisis is discovered. These action plans need trained staff and the correct resources in order to be effective. Discover the training and resource requirements that will make your incident response team effective during a crisis.

4. Incident Detection and Analysis Phase
A thorough understanding of attack vectors allows security personnel to correlate precursors and indicators, and that correlation leads to early identification of the most critical potential security events. By using the proper identification and prioritization techniques taught in class, students will be able to begin documenting the incident accurately while initiating the correct containment strategy.

5. Containment, Eradication and Recovery Phase
Different business assets require different containment strategies. Critical high availability solutions cannot simply be taken off the network. Learn different ways of controlling the spread of viruses, worms and attackers while protecting critical resources. Students will learn how to identify and gather evidence of an attacker's activities and targets. A complete understanding of the attack scenario is required to eradicate all traces of an attack and to recover damaged systems into the operational environment.

6. Lessons Learned and Post Incident Activity
After the incident is over and all systems are recovered to full operational status, learn how to analyze the response process for future process improvement. Discover how to perform root cause analysis that will identify the process failure that allowed the incident to occur in the first place. Use that root cause analysis to modify corporate procedures to defend against future problems.

Who should attend
  • IT Managers & Directors
  • CISOs
  • Security Managers
  • System Administrators
  • Network Designers
  • Security Administrators
  • Business Analysts
  • Project Managers
  • Systems Architects/Designers
  • Systems Analysts or Testers
  • Managers & Team Leaders