This is the fourth of five courses in the Google Cloud Cybersecurity Certificate. In this course, you’ll focus on developing capabilities in logging, security, and alert monitoring, along with techniques for mitigating attacks. You'll gain valuable knowledge in customizing threat feeds, managing incidents, handling crisis communications, conducting root cause analysis, and mastering incident response and post-event communications. Using Google Cloud tools, you'll learn to identify indicators of compromise and prepare for business continuity and disaster recovery. Alongside these technical skills, you'll continue updating your resume and practicing interview techniques.
Overview
Syllabus
- Detection foundations
  - Introduction to course 4
  - Course 4 overview
  - Seline: Make an impact in cloud security
  - Helpful resources and tips
  - Lab technical tips
  - Explore your course 4 scenario: Cymbal Bank
  - Welcome to module 1
  - SecOps and its components
  - Essential SecOps skills
  - Vulnerability management techniques
  - Vulnerability scanning, penetration testing, and tabletop exercises
  - AI in SecOps: Red teams
  - Test your knowledge: Security operations foundations
  - Incident detection basics
  - Phases of incident response and management
  - Incident response plans
  - More about incident response phases
  - Intrusion detection systems
  - Signature and anomaly-based detection
  - Test your knowledge: Incident management foundations
  - Logs for analysis and monitoring
  - Log types: A breakdown
  - Log management: The skills needed for success
  - Test your knowledge: Logging and log retention fundamentals
  - Alerts and notifications
  - Alert search techniques
  - Alert and log optimization
  - Guide to event threat detection
  - Determine the difference between normal activity and an incident
  - Test your knowledge: Alerts, notifications, and log optimization
  - Wrap-up
  - Glossary terms from module 1
  - Module 1 challenge
- Detection in practice
  - Welcome to module 2
  - Introduction to Lockheed Martin’s Cyber Kill Chain®
  - False positive analysis
  - Lockheed Martin’s Cyber Kill Chain® in practice
  - Guide to false positive analysis
  - Explore false positives through incident detection
  - Test your knowledge: False positives and Lockheed Martin’s Cyber Kill Chain®
  - Introduction to security monitoring
  - Tim: Analytical skills for detection and response
  - Security monitoring key concepts
  - Tools for proactive security monitoring
  - Test your knowledge: Proactive security monitoring and alerting
  - Indicators of compromise (IOCs)
  - Essentials of threat hunting
  - IOCs for threat detection
  - Aggregations and correlations
  - Introduction to query tools
  - Query tools: RegEx and YARA-L
  - Test your knowledge: Threat hunting and indicators of compromise
  - Wrap-up
  - Glossary terms from module 2
  - Module 2 challenge
- Incident response management and attack mitigation
  - Welcome to module 3
  - The importance of evidence preservation
  - Digital evidence preservation: Techniques and best practices
  - How security teams preserve evidence
  - Test your knowledge: Evidence preservation
  - Incident response in Google Cloud
  - Incident response best practices with Chronicle SOAR
  - Incident identification
  - Coordination for incident response
  - Guide to log queries, exports, and analysis
  - Analyze audit logs using BigQuery
  - Test your knowledge: Incident management
  - Documentation fundamentals
  - Elements of successful documentation
  - Documentation in practice
  - Activity: Document a timeline of events
  - Activity Quiz: Document a timeline of events
  - Activity Exemplar: Document a timeline of events
  - Test your knowledge: Documentation
  - Actionable alert identification
  - Incident response partners
  - Security orchestration with playbooks
  - Incident response orchestration versus automation
  - Playbooks' role in incident response
  - Fatima: A day in the life of a detection and response team manager
  - Test your knowledge: Response in action using automation
  - Wrap-up
  - Glossary terms from module 3
  - Module 3 challenge
- Incident recovery
  - Welcome to module 4
  - Recovery plans in action
  - Information recovery and system restoration
  - System recovery steps and scenarios
  - Test your knowledge: Recovery plans and system restoration
  - Business continuity and disaster recovery (BCDR) basics
  - The role of BCDR tools
  - BCDR in Google Cloud
  - Guide to backups and VM recovery
  - Recover VMs with Google Backup and DR Service
  - Test your knowledge: Business continuity and disaster recovery
  - Recovery options and measures of success
  - Components of a disaster recovery plan (DRP)
  - Disaster recovery planning in Google Cloud: Build a DRP
  - Disaster recovery planning in Google Cloud: Implement a DRP
  - Test your knowledge: Disaster recovery plan fundamentals
  - Business continuity and disaster recovery plans
  - Create and manage effective BCDR plans
  - Disaster recovery plan stakeholders
  - Test your knowledge: BCDR roles and responsibilities
  - Wrap-up
  - Patrick and Pedro: Interview role play
  - Interview tip: End responses with positive takeaways
  - Glossary terms from module 4
  - Module 4 challenge
- Course wrap-up
  - Course 4 resources and citations
  - Glossary terms from course 4
  - Your Next Steps
  - Course Badge