In today's world of uncertainty it is necessary to be prepared for a wide range of data security incidents. This course takes the candidate through the critical steps required to prepare for the inevitable incident. The course covers all the phases of incident preparation and response, from the pre-planning stages to the post-incident root cause analysis that leads to procedural changes designed to prevent similar incidents from happening in the future.
Real-world incident response examples are used throughout the course to show students both proper incident handling procedures and the results of poor planning and implementation.
Course Outline
Part 1: Identification and SOC operations
Students will discover Security Operations Center tools and techniques. IDS, IPS, antivirus, and firewall alerts, as well as Syslog information from servers and end stations, are all gathered and correlated by security incident and event monitoring devices. Understand the procedures for collecting and correlating security breach information and discover how to identify significant security events among the clutter of insignificant and unrelated events.
Part 2: Incident Response Policy, Authorization, and Team Creation
Discover how to create an incident response policy that gives an organization the ability and authority to respond to any incident without the unnecessary delay caused by seeking executive approval when time is of the essence. Create an incident response team by identifying the skill sets required to effectively implement a planned response.
Part 3: Preparing to Handle an Incident
Timely and effective response requires pre-action planning, training, and preparation. Students will learn how to create action plans that will be executed when a crisis is discovered. These action plans need trained staff and the correct resources in order to be effective. Discover the training and resource requirements that will make your incident response team effective during a crisis.
Part 4: Incident Detection and Analysis Phase
A thorough understanding of attack vectors allows security personnel to correlate precursors and indicators, and that correlation leads to early identification of the most critical potential security events. By using the identification and prioritization techniques taught in class, students will be able to accurately begin documenting the incident while initiating the correct containment strategy.
Part 5: Containment, Eradication and Recovery Phase
Different business assets require different containment strategies. Critical high-availability solutions cannot simply be taken off the network. Learn different ways of controlling the spread of viruses, worms, and attackers while protecting critical resources. The student will learn how to identify and gather evidence of an attacker's activities and targets. A complete understanding of the attack scenario is required to eradicate all traces of an attack and to recover damaged systems into the operational environment.
Part 6: Lessons Learned and Post Incident Activity
After the incident is over and all systems are recovered to full operational status, learn how to analyze the response process for future process improvement. Discover how to perform a root cause analysis that identifies the process failure that allowed the incident to occur in the first place. Use that root cause analysis to modify corporate procedures to defend against future problems.
Who should attend
- IT Managers & Directors
- CISOs
- Security Managers
- System Administrators
- Network Designers
- Security Administrators
- Business Analysts
- Project Managers
- Systems Architects/Designers
- Systems Analysts or Testers
- Managers & Team Leaders