Cyber Security Incident Management
Delivery: classroom, hands on, workshop // Duration: 3 days
This course gives participants an in-depth understanding of how to prepare and organize incident response capabilities within the organization. Besides teaching concepts, methodologies and tactics, the course includes reflection on personal experiences. Different exercises to deepen and apply the knowledge top off the training.
Learning Objectives
By the end of this course, students will be able to:
- Understand and design Security Incident Management Processes (SIMP)
- Plan a response strategy to security incidents
- Take the lead when responding to major incidents / escalations from CDC
- Fulfill a managing role in CERT or CDC
Course Content
- Intro and Definitions
  - What are Cyber Attacks?
  - Current Threat landscape - real world incidents
  - Get a common understanding of Cyber defense strategies
- Security Incident Management Processes (SIMP)
  - Well known SIMP variants
  - From high level SIMP to practical workflow
  - Surrounding and underlying processes
  - 4 Pillars for success: Organization, Processes, Resources, Technologies
- Organizing Incident Response
  - Security Incident Management in organizational context
  - Who is CERT and what’s his last name?
  - Interfaces to CDC, IT operations and crisis management
  - Threat map
  - Attack kill chain
  - Maturity rating – mind the gap
  - Response strategy and tactics
  - How to get people?
- Manage the daily incidents
  - Prerequisites for efficient incident response
  - Standardize and automate incident response
  - Doing lessons learned
  - Escalation to 3rd level and CSIRT
- Handle the extraordinary incidents
  - Plan and establish a CSIRT
  - Handle the incident
    - Incident coordination
    - Advanced monitoring
    - Containment / Immediate actions
    - Forensic Analysis
    - Remediation
  - Doing lessons learned
  - Escalation to crisis
Target Audience
- Leads of Cyber Security Incidents Response Teams (CSIRT)
- Managers of CERT or CDC
- Senior CERT members
- Senior or 3rd level CDC analysts
- Senior digital forensics analyst
Pre-requisite for Course Registration
- Recommendation: Basic know-how of IT systems and information security or completed ISH Cyber Security Fundamentals for IT-Pros course
- Recommendation: Completed ISH Information Security Management course with certification ISH ISMS Specialist Diploma
- Practical experience in dealing with security incidents (CDC or digital forensics)
- Ability to think abstractly, organization and planning skills
Certification: ISH Cyber Security Incident Manager Diploma
The ISH Cyber Security Incident Manager Diploma provides participants with a broad and detailed understanding of technical and organizational Cyber Security Incidents and Crises.