Planning a Security Incident Response

Platform: edX
Provider: Microsoft
Length: 4 weeks
Language: English
Credentials: Paid Certificate Available

Overview
This course is part of the Microsoft Professional Program in Cybersecurity.

This course is designed to help you manage an enterprise security incident while avoiding common errors and increasing both the effectiveness and the efficiency of your incident response efforts.

What you'll learn
After completing this course, students will be able to:
  • Effectively prioritize the response to a security incident
  • Build a computer security incident response team (CSIRT)
  • Develop an incident response action plan
  • List appropriate post-incident activities
Syllabus
Module 1
  • Introduction
  • What is threat modelling?
  • The need for incident response plans
  • Assess vulnerabilities in your environment
  • Establish routine monitoring and review of network traffic and system performance
  • Log analysis
Module 2
  • Incident Response Policy, Plan, and Procedure Creation
  • Creation of a CSIRT
  • Establish CSIRT team roles
  • Establish governing policy
Module 3
  • Initial assessment of incident
  • Attack vectors
  • What are false positives and false negatives?
  • Determine the nature of the attack
  • Identify the systems that have been compromised
  • Choosing a containment strategy
Module 4
  • Post-incident activity
  • Protect the evidence while restoring functionality
  • Recommendations and Lessons learned
  • Security incident report

Taught by
Philip E. Helsel and Kimberly Rasmusson-Anderson
Author
edX