What you'll learn:
- The process for managing information security incidents
- Best practices recommended by standards for handling incidents
- How to plan and prepare for managing incidents
- How to detect and assess information security events
- How to analyze and classify information security incidents
- What involves the response to information security incidents
- What standards are available for information security management
Information security incidents have become a common occurrence in today's landscape, where every organization, regardless of its size or dependence on IT&C, can be the victim of an attack.
Security controls and policies alone cannot guarantee a total protection of information, networks, systems or services, because there will always be residual vulnerabilities that may be exploited by threats, leading to information security incidents. Furthermore, it is inevitable that new instances of previously unidentified threats cause incidents to occur.
The consequences of an information security incident can go from minor disturbances to the regular operations, up to the collapse of the entire organization. The insufficient preparation to deal with incidents will make the response of the organization less effective and will increase the degree of potential adverse business consequences.
Therefore, it is mandatory for each company to design and to implement a robust information security programme, with a key part of that programme dedicated to the handling of incidents.
This course presents the guidelines for managing information security incidents provided by ISO/IEC27035.
This international standard proposes a process that includes 5 phases:
- plan and prepare where plans and policies are developed, training and awareness are provided, the necessary resources are identified and made available, forms are established and organizational structures, such as the incident management team and the incident response team are set up;
- detect and report, where information security events are identified, reported;
- assess and decide, where incidents are categorized based on their impact on the organization and analyzed to determine the most suitable solutions for the response;
- respond, where the incident is contained first, then eradicated and in the end the systems and services affected by the incident are recovered; and
- learn lessons, where the organization uses the information collected while handling incidents to improve its process, its security controls and organizational processes.
A section of the course is dedicated to each of the five steps of the incident management process and along the way there are examples and case studies to make your learning journey more useful and pleasant.
By participating in this course you will understand the concepts and tools of incident management; you will learn about how to categorize and analyze information security incidents; you will improve your skills in the information security management field and you can confidently apply for a certification as incident manager.
You can use the information in this course to design or to improve your company's processes for managing information security incidents. You can use the course as support for your consulting services or for auditing purposes. Or, you can use this course as a method to advance your career in information security management.