About the Course:
The course is designed to provide insight into the work that an incident handler may perform. It will provide an overview of the incident handling arena including incident response services, dealing with intruder threats, and the nature of incident response activities.
Participants will learn the techniques of incident handling and the policies and procedures required for incident response operations. The course gives computer security incident response teams insight into the technical perspectives of incident handling, analysis and reporting. Participants will undertake a series of exercises to better understand the technical aspects of commonly reported attacks and to practise analysis and response techniques for common incidents.
Security managers, analysts and any technical staff, incident responders, and network administrators. Those with little or no incident handling experience are encouraged to attend.
Knowledge of information security, Internet services and network protocols is recommended but not required.
Classroom style lectures and discussion. Participants will be required to complete group activities.
Participants are required to bring their own notebook.
Cyber Threats Landscape
- Introduction to Cyber Threats
- Current Cyber Threats
- Various Attack vectors
- Actors in Cyber Threats
- Detection, Monitoring and Prevention
Introduction to Incident Response
- Introduction / History
- Definition of Incident Response, Intrusion and Events
- Why Incident Response?
- Objective of Incident Response
- Type of Security Incidents
- Category of Incident
- Recognising signs of attack
- Incident Priorities
- Response Level
Incident Handling and Methodology
- Definition of Incident
- Criteria for Incident
- Categories of Incidents
- Types of Incidents
- Response Level to Incidents
- Definitions of Incident Handling
- Purpose of Incident Handling
- 6 steps to Incident Handling
- Detecting and analysing incidents
- Understanding security tools and technologies
- Coordinating responses and information sharing
- Exercise 1 – Triage, Prioritisation and Incident Handling
- Exercise 2 – Incident Handling Procedure
- Exercise 3 – Establishing External Contact
- Exercise 4 – Incident Handling and Role Playing
C-1-02A, CoPlace 2 (Former SME2), 2260 Jalan Usahawan 1, Cyberjaya, 63000 Cyberjaya, Selangor