Learn how to effectively create, provision, and operate a formal incident response capability within your organization to minimize the damage a cyberattack might cause.
Syllabus
Introduction
- The importance of incident response planning
- The need for a plan
- The incident response life-cycle
- Events and incidents
- Policy, plans, and procedures
- Elements of a policy
- Elements of a plan
- Elements of a procedure
- Incident response team structure
- Different team models
- Selecting a team model
- Incident response personnel
- Leading the team
- Organizational dependencies
- Coordinating your efforts
- Internal information sharing
- Business impact analysis
- Technical analysis
- External information sharing
- Preparation
- Communications and facilities
- Hardware and software
- Technical resources and information
- Software resources
- Incident prevention
- Attack vectors
- Detecting an incident
- Indicators of compromise
- Conducting analysis
- Documenting the incident
- Prioritizing the incident
- Notification procedures
- Containment strategies
- Evidence collection and handling
- Identifying the attacker
- Eradication and recovery
- Lessons learned
- Metrics and measures
- Retaining the evidence
- Calculating the cost
- What to do next
Taught by
Jason Dion