Want more CySA+ test prep tips? Visit certmike.com to join Mike's free study group.
- Identifying and classifying security incidents
- Determining incident severity
- Building an incident response program
- Notification, mitigation, recording, and reporting
- Incident symptoms
- Conducting forensic investigations
- Password, network, software, and device forensics
Skill Level Intermediate
- [Mike] As a Cybersecurity Analyst, you spend much of your time focused on protecting systems and information in an effort to prevent bad things from happening. That's been the focus of the first two CySA+ domains as we covered topics in threat and vulnerability management. The unfortunate reality is that sometimes bad things do happen. And that's where Cyber Incident Response comes into play. Hi, I'm Mike Chapple, and I'd like to welcome you to our Cybersecurity Analyst+ course covering Domain 3: Cyber Incident Response.
The CompTIA Cybersecurity Analyst+, or CySA+ certification, is designed for IT security analysts, vulnerability analysts, and threat intelligence analysts who have some work experience. It's designed to serve as a middle ground between Security + and CompTIA's Advanced Security Practitioner certification. Earning the CySA+ requires passing an exam covering four different domains of cyber security analytics work. This course covers the third of those four domains: Cyber Incident Response.
This domain accounts for 23% of the questions on the exam, and this course is part of a series of courses that will prepare you for the entire CySA+ test. Through my books and courses here on this site, I've literally helped thousands of students just like you earn their security certifications. I was one of the very first people to earn the CYSA+ certification when it was released in 2017, and I literally wrote the book on the CySA+ certification. I encourage you to pick up a copy of my CySA+ study guide, to help you prepare for the exam in conjunction with this course.
One quick note on the name of the certification: when CompTIA released the Cybersecurity Analyst+ certification, it used the acronym CSA+. In 2018, they changed the acronym from CSA+ to CySA+. You may find study materials that refer to either acronym, and that's okay. The objectives and body of knowledge haven't changed. It's only a change in the acronym. As we work our way through this course, we'll focus on each topic covered by Domain 3.
You'll learn how to analyze an incident scenario to identify threat behavior, and determine the impact of an incident. You'll also discover how to prepare a forensic toolkit for use during an investigation. And we'll dive into the details to help you analyze symptoms to select the best course of action to support incident response efforts. It's important to understand that cyber incident response isn't just technical. We'll talk about the importance of communication during the incident response process. And an incident isn't over when the attack is stopped.
We'll talk about how containment, eradication, and corrective actions make up the incident recovery and post-incident processes. The information you learn in this course will help you pass the CySA+ exam, and it'll also provide critical information that you'll use throughout your career as a Cybersecurity Analyst. In addition to the information I cover in this course, I encourage you to visit my website at certmike.com and join my free CySA+ study group. I'll send you exam tips, practice test questions, and reminders to help keep you on track with your test preparation.
All right, let's get rolling.