Study for the Incident Management domain of the CISM certification exam, which tests your ability to identify, triage, and resolve security incidents.
CISM Cert Prep: 4 Information Security Incident Management
Overview
Syllabus
Introduction
- Incident management
- What you need to know
- Study resources
- Role of a manager in incident response
- Creating an incident response team
- Identifying and classifying security incidents
- Threat classification
- Zero days and the advanced persistent threat
- Determining incident severity
- Build an incident response program
- Incident communications plan
- Incident identification
- Escalation and notification
- Mitigation
- Containment techniques
- Incident eradication and recovery
- Validation
- Post-incident activities
- Incident response exercises
- Network symptoms
- Rogue access points and evil twins
- Endpoint symptoms
- Application symptoms
- Conducting investigations
- Evidence types
- Introduction to forensics
- System and file forensics
- File carving
- Creating forensic images
- Digital forensics toolkit
- Operating system analysis
- Password forensics
- Network forensics
- Software forensics
- Mobile device forensics
- Embedded device forensics
- Chain of custody
- Ediscovery and evidence production
- Exploitation frameworks
- Security information and event management
- Continuous security monitoring
- Continuing your studies
Taught by
Mike Chapple
