Learn how to effectively create, provision, and operate a formal incident response capability within your organization.
Syllabus
Introduction
- Overview
- Why do you need a plan?
- Lifecycle of an incident response
- Review: Introduction
Incident response planning
- Events and incidents
- Policy, plans, and procedures
- Policy elements
- Plan elements
- Procedure elements
- Review: Incident response planning
Incident response team
- Incident response team structure
- Types of teams
- Selecting a team model
- Team members
- Leading a team
- Organizational dependencies
- Review: Incident response team
Communication
- Coordinating your efforts
- Internal information sharing
- Business impact analysis
- Technical analysis
- External information sharing
- Review: Communication
Preparation
- Communications and facilities
- Hardware and software
- Technical resources and information
- Software resources
- Incident prevention
- Review: Preparation
Detection and analysis
- Attack vectors
- Detecting an incident
- Indicators of compromise
- Conducting analysis
- Documenting the incident
- Prioritizing the incident
- Notification procedures
- Review: Detection and analysis
Containment, eradication, and recovery
- Containment strategy
- Evidence collection and handling
- Identifying the attacker
- Eradication and recovery
- Review: Containment, eradication, and recovery
Post-incident activity
- Lessons learned
- Metrics and measures
- Evidence retention
- Calculating the cost
- Review: Post-incident activity
- What to do next
Taught by
Jason Dion