Incident Response Foundations

Location: Online

Cost: $575

Course Description

Are you just getting started with Incident Response (IR) and not sure where to begin? Do you need to stand up an IR program or establish a Computer Security and Incident Response Team and need to get started on the right foot?

Incident Response can be one of the most difficult aspects of Information Security, and foundational skills are critical.

The goal of this course is to provide the core components that make up a successful Incident Response program. Students will learn how to get started on their IR journey, what to prioritize, and why boring stuff like policies and procedures are just as important as technical digital forensics skills.

We will cover the logging and monitoring capabilities needed to successfully investigate and triage an incident, as well as what to do when those log sources fail. The concepts and skills introduced in this class will lay the groundwork for the next steps in the IR journey: in-depth endpoint and network forensics and analysis.

Key Takeaways

  • Fundamental concepts of Incident Response and the composition of successful IR Programs and Teams
  • Necessary components of IR Policies and Procedures
  • Network traffic monitoring options and instrumentation
  • Endpoint logging requirements and what capabilities are needed when logging fails
  • Key Active Directory Event IDs necessary to track down attacker activity
  • IR considerations for cloud resources
  • How to run a successful Incident Response Tabletop Exercise

Who Should Take This Course

  • Entry level Incident Responders and Threat Hunters
  • CSIRT and SOC Management

Audience Skill Level

  • Basic computer and network knowledge