Incident Handling and Response

(WU-SEC6060.AU1)
Lessons

1

Incident Response and Prerequisites

  • Why Does This Happen?
  • Strategy vs. Tactics
  • Changing the Culture
  • Establishing the Identify and Protect Functions
2

Incident Response Frameworks, Leadership, Teams, and Culture

  • NIST 800-612
  • From Guidance to Program Implementation
  • Leadership Qualities
  • Culture
  • Alignment of the Team
  • Prepare to Handle Incidents
  • Facilitating Organizational Change
3

Incident Response Strategy, Cyber Risks and Attack Life Cycle

  • Purpose
  • Scope
  • Definitions
  • How to Respond to Incidents
  • Documenting Cyber Risks
  • The Mandiant Cyber Attack Life Cycle
  • Tie the Risk Assessment and Kill Chain
4

Detection, Identification of Events, and Containment

  • Building Detective Capabilities
  • Identification of Security Events
  • Indicators of Compromise
  • Containment Fundamentals
  • Choosing a Containment Strategy
  • Retaining Forensic Investigators
  • Executive Expectations
5

Eradication, Recovery, and Post-incident Review and Monitoring

  • Removing the Attacker’s Artifacts
  • Vulnerability Scanning
  • Restoring Systems via Backups
  • Post-incident Review
  • Components of Continuous Monitoring
  • How Continuous Monitoring Works
  • Incorporating Continuous Monitoring into the NIST CSF Environment
6

Incident Response Story

  • Background
  • Initial Response
  • The Nightmare Begins
  • The Second Incident Response
  • The CISO’s Office
  • Full-Time Effort Required
  • Building a Program
  • Developing a Battle Plan
A

Appendix: NIST Cybersecurity Framework

  • Identify: Asset Management
  • Identify: Business Environment
  • Identify: Governance
  • Identify: Risk Assessment
  • Identify: Risk Management
  • Identify: Supply Chain Risk Management
  • Protect: Access Control
  • Protect: Awareness and Training
  • Protect: Data Security
  • Protect: Information Protection
  • Protect: Maintenance
  • Protect: Protective Technology
  • Detect: Anomalies and Events
  • Detect: Continuous Monitoring
  • Detect: Detection Processes
  • Respond: Response Planning
  • Respond: Communications
  • Respond: Analysis
  • Respond: Mitigation
  • Respond: Improvement
  • Recover: Recovery Planning
  • Recover: Improvements
  • Recover: Communications

Lab

1

Incident Response and Prerequisites

  • Building an Effective Incident Response Program
  • Establishing the Identify and Protect Functions
2

Incident Response Frameworks, Leadership, Teams, and Culture

  • Aligning Incident Response Strategy with Organizational Capabilities
  • Building a Culture-Driven Incident Response Function
3

Incident Response Strategy, Cyber Risks and Attack Life Cycle

  • Strengthening Incident Response Planning
  • Identifying Threats and Vulnerabilities Using Public Websites
  • Exploring the OWASP Top 10 Web Application Risks
4

Detection, Identification of Events, and Containment

  • Analyzing Network Traffic Using Wireshark
  • Viewing Linux Event Logs
  • Viewing Windows Event Logs
  • Implementing an IDS
  • Simulating a DoS Attack
  • Analyzing Malware Behavior Using ProcMon
  • Analyzing Ransomware Using VirusTotal
5

Eradication, Recovery, and Post-incident Review and Monitoring

  • Conducting Vulnerability Scanning Using Nessus
  • Taking a Full Backup
  • Examining Large Infrastructure Challenges
6

Incident Response Story

  • Assessing Decision Gaps in Cybersecurity Incidents
  • Enhancing Cybersecurity Through Incident Response Planning