Incident Response

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Introduction to Incident Handling and Response

• Overview of Information Security Concepts
• Understanding Information Security Threats and Attack Vectors
• Understanding Information Security Incident
• Overview of Incident Management
• Overview of Vulnerability Management
• Overview of Threat Assessment
• Understanding Risk Management
• Understanding Incident Response Automation and Orchestration
• Incident Handling and Response Best Practices
• Overview of Standards
• Overview of Cybersecurity Frameworks
• Importance of Laws in Incident Handling
• Incident Handling and Legal Compliance

Incident Handling and Response Process

• Overview of Incident Handling and Response (IH&R) Process
• Step 1: Preparation for Incident Handling and Response
• Step 2: Incident Recording and Assignment
• Step 3: Incident Triage
• Step 4: Notification
• Step 5: Containment
• Step 6: Evidence Gathering and Forensics Analysis
• Step 7: Eradication
• Step 8: Recovery
• Step 9: Post-Incident Activities

Forensic Readiness and First Response

• Introduction to Computer Forensics
• Overview of Forensic Readiness
• Overview of First Response
• Overview of Digital Evidence
• Understanding the Principles of Digital Evidence Collection
• Collecting the Evidence
• Securing the Evidence
• Overview of Data Acquisition
• Understanding the Volatile Evidence Collection
• Understanding the Static Evidence Collection
• Performing Evidence Analysis
• Overview of Anti-Forensics

Handling and Response to Malware Incidents

• Overview of Malware Incident Response
• Preparation for Handling Malware Incidents
• Detecting Malware Incidents
• Containment of Malware Incidents
• Eradication of Malware Incidents
• Recovery after Malware Incidents
• Guidelines for Preventing Malware Incidents

Handling and Responding to Email Security Incidents

• Overview of Email Security Incidents
• Preparation for Handling Email Security Incidents
• Detection and Containment of Email Security Incidents
• Eradication of Email Security Incidents
• Recovery after Email Security Incidents

Handling and Responding to Network Security Incidents

• Overview of Network Security Incidents
• Preparation for Handling Network Security Incidents
• Detection and Validation of Network Security Incidents
• Handling Unauthorized Access Incidents
• Handling Inappropriate Usage Incidents
• Handling Denial-of-Service Incidents
• Handling Wireless Network Security Incidents

Handling and Responding to Web Application Security Incidents

• Overview of Web Application Incident Handling
• Web Application Security Threats and Attacks
• Preparation to Handle Web Application Security Incidents
• Detecting and Analyzing Web Application Security Incidents
• Containment of Web Application Security Incidents
• Eradication of Web Application Security Incidents
• Recovery from Web Application Security Incidents
• Best Practices for Securing Web Applications

Handling and Responding to Cloud Security Incidents

• Cloud Computing Concepts
• Overview of Handling Cloud Security Incidents
• Cloud Security Threats and Attacks
• Preparation for Handling Cloud Security Incidents
• Detecting and Analyzing Cloud Security Incidents
• Containment of Cloud Security Incidents
• Eradication of Cloud Security Incidents
• Recovering from Cloud Security Incidents
• Best Practices Against Cloud-based Incidents

Handling and Responding to Insider Threats

• Introduction to Insider Threats
• Preparation for Handling Insider Threats
• Detecting and Analyzing Insider Threats
• Containment of Insider Threats
• Eradication of Insider Threats
• Recovery after Insider Attacks
• Best Practices Against Insider Threats