Learn how to effectively create, provision, and operate a formal incident response capability within your organization to minimize the damage a cyberattack might cause.
- [Instructor] Imagine that you've recently been promoted to the position of director of information technology for a mid-sized company. It's Saturday night, and you've had a lovely evening out with your spouse, eating dinner, going to the bar, maybe taking in a movie. It's gotten late, and so you climb into bed and quickly fall into a deep sleep. A few hours later, you're awakened by a buzzing noise. You look over at your nightstand, and you see your cellphone screen lighting up and the phone is vibrating. Buzz buzz, buzz buzz. So you look at your alarm clock. It's 3:24 AM. Who in the world is calling you at 3:24 AM? You grab the phone and you walk to the hall to answer it because you don't want to wake your spouse. "Hello?" you say, in a groggy voice. You're greeted on the other end of the line by the company's on-duty security operation center manager. The manager quickly states, "Well, we have a problem. We've detected that our servers have been compromised."
And so it begins. Your company is now in the middle of an incident response. Thoughts start racing through your head. Are we ready? Are we prepared for this? Are we going to be the next big name flashed across the evening news, telling everyone how we've become victims of a data breach?
These days, incidents can occur in countless ways, exploiting various vulnerabilities. In this course, we're going to walk through how you can best prepare to respond to any incident through the development of a well-thought-out incident response plan. provision, and operate a formal incident response capability within your organization. that a cyber attack might cause. This course is designed for those in leadership or management positions, or those who are going to be assigned to help design the organization's incident response plan.
My name is Jason Dion, and I've been working I've been that IT director getting those 3 AM wake-up calls. I've also been the leader of an incident response team.
And we've responded and mitigated the damage of various incidents all around the globe. In this course, we're going to use the National Institute of Standards and Technology's Special Publication 800-61 as our guide. We're also going to use practical, real-world experience as we go through the different portions of that guide. And that way we can identify all of the pieces and parts of a well-crafted incident response plan so that you can be better prepared, no matter what the bad guys throw at you. So let's get started.
- Differences between events and incidents
- Elements of policies, plans, and procedures
- The structure of the incident response team
- Selecting a team model
- Leading a team during an incident
- Internal information sharing
- Incident prevention
- Detection and analysis
- Containment, eradication, and recovery
- Calculating the cost of an incident