Course curriculum

    1. Objectives

    1. Basics

    2. Understanding incidents and events

    3. Threats, vulnerabilities and risks

    4. Attack vectors

    5. When do we do incident response (IR)

    6. Where do we do incident response (IR)

    7. Incident tracking

    8. Incident prioritization

    9. NIST incident response framework

    1. Incident prevention strategies and controls

    2. Incident communication plan

    3. Incident response network design

    4. Zero trust model

    5. IR policy

    6. IR plan

    7. IR procedure

    8. Policy, plan and procedure

    9. Incident management platforms

    1. Basics

    2. The four layers of detection

    3. Network perimeter detection

    4. Endpoint perimeter detection

    5. Endpoint system detection

    6. Application level detection

    1. Containment

    2. Eradication

    3. Recovery

    1. Lessons learned

    2. Incident report

About this course

  • Who should attend:

    • SOC analysts

    • incident response teams

    • security professionals who want to fill the gaps in their understanding of technical information security

    • operations personnel who do not have security as their primary job function but need an understanding of security to be effective

  • What you will learn:

    • Understand the structured approach of the NIST incident response framework

    • Best practices for incident tracking and prioritization

    • The most important tasks that can be achieved during the preparation phase to prevent and/or limit the damage

    • How to set up good detection engineering with the relevant security tools (e.g. EDR)

    • How to take care of a machine after infection with respect to the containment, eradication and recovery steps

    • Understand that evidence preservation is crucial
