Cybersecurity

Module 3: Security Incident Management

Preparing for incident management is essential in today’s environment. This module includes:


  • Principles of an incident
  • The life cycle of a vulnerability
  • Log management strategy
  • Setting up detection systems
  • Backup strategy

Learners will study the different stages of an incident and how to prepare for them, including setting up a detection and response strategy, analysing logs and managing backups. Questions answered in this module are: What is a vulnerability, and what is its lifecycle? What is an incident, and how can it be prevented or detected at an early stage? What are the detection mechanisms, and how are they set up? Why and how do we back up data? On successful completion of this module, learners will have the knowledge and skills to ensure the necessary defences and logs are in place before an incident occurs.

Content
  • Incident lifecycle: defining actors and process
  • How to define an iterative security detection strategy and identify your most valuable assets / attack surface.
  • Requirements to apply an iterative security detection strategy: log collection (syslog), retention and normalisation (parsing, data models), and the importance of a normalised naming convention for detection rules.
  • Log management and log collection
  • Security detection: a global topic. Detection concerns every system at each level.
  • SIEM architecture (standalone, distributed) and main features, with examples from commonly used technologies (Splunk, QRadar, Sentinel).
  • Concrete example of a detection rule and log analysis
  • Regulatory compliance (log retention through SIEM or external backups)
  • Backup frequency, technology used (hardware, software), and online versus offline backups.
  • A case study highlights the advantages and drawbacks of different backup choices in the event of ransomware.
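As an added example (not part of the course material, and not any vendor's implementation), the following Python script walks the path the content list names: collect syslog lines, parse and normalise them into a simple data model, and run one detection rule whose name follows a consistent convention. The log lines, host name, IP addresses, data-model field names and rule name are all constructed for illustration.

```python
"""Syslog collection -> normalisation -> detection rule, end to end.

Sample log lines are constructed for this example; the host name,
IP addresses, field names and rule name are illustrative only.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed RFC 3164-style syslog lines, as a collector (e.g. rsyslog)
# would receive them from an OpenSSH server. RFC 3164 timestamps carry no
# year, so a fixed year is assumed when parsing.
SAMPLE_LOGS = """\
Mar 10 08:30:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 08:30:03 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar 10 08:30:05 bastion sshd[2101]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 10 08:30:06 bastion sshd[2101]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar 10 08:30:08 bastion sshd[2101]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 10 08:30:09 bastion sshd[2101]: Accepted publickey for alice from 198.51.100.5 port 40000 ssh2
Mar 10 08:31:00 bastion sshd[2102]: Failed password for bob from 198.51.100.5 port 40001 ssh2
Mar 10 09:45:00 bastion sshd[2109]: Failed password for root from 203.0.113.7 port 51099 ssh2
"""

# Header: "<Mon> <day> <hh:mm:ss> <host> <app>[<pid>]: <message>"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<app>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# OpenSSH authentication outcome lines (the 'invalid user' prefix is optional)
SSH_RE = re.compile(
    r"^(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src_ip>[\d.]+) port (?P<src_port>\d+)"
)


def parse_syslog(line, year=2025):
    """Parse one RFC 3164 line into a header dict, or None if it does not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"timestamp": ts, "host": m["host"], "app": m["app"],
            "pid": m["pid"], "message": m["msg"]}


def normalize(event):
    """Map an sshd message onto a normalised authentication data model.

    The field names (category, action, outcome, user, src_ip) are this
    example's own model, chosen so that one rule can run over events from
    any source that is mapped onto the same fields.
    """
    if event["app"] != "sshd":
        return None
    m = SSH_RE.match(event["message"])
    if not m:
        return None
    return {
        "timestamp": event["timestamp"],
        "host": event["host"],
        "category": "authentication",
        "action": "login",
        "outcome": "failure" if m["outcome"] == "Failed" else "success",
        "user": m["user"],
        "src_ip": m["src_ip"],
    }


def rule_ssh_bruteforce(events, threshold=5, window_seconds=60):
    """Detection rule: >= threshold failed logins from one src_ip within the window.

    The rule name encodes <category>.<source>.<behaviour> so alerts sort and
    filter predictably; that naming scheme is an assumption of this example.
    """
    rule_name = "authentication.sshd.password_bruteforce"
    alerts = []
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["timestamp"]):
        if ev["outcome"] == "failure":
            by_ip[ev["src_ip"]].append(ev)
    for ip, evs in by_ip.items():
        start = 0  # sliding window over this source's time-ordered failures
        for end in range(len(evs)):
            while (evs[end]["timestamp"] - evs[start]["timestamp"]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"rule": rule_name, "src_ip": ip, "count": end - start + 1,
                               "users": sorted({e["user"] for e in evs[start:end + 1]}),
                               "first_seen": evs[start]["timestamp"],
                               "last_seen": evs[end]["timestamp"]})
                break  # one alert per source per run
    return alerts


def run_pipeline(raw_logs=SAMPLE_LOGS):
    """Collect -> parse -> normalise -> detect; returns (normalised events, alerts)."""
    parsed = [e for e in map(parse_syslog, raw_logs.splitlines()) if e]
    events = [n for n in map(normalize, parsed) if n]
    return events, rule_ssh_bruteforce(events)


if __name__ == "__main__":
    evs, alerts = run_pipeline()
    print(f"{len(evs)} normalised events, {len(alerts)} alert(s)")
    for a in alerts:
        print(a)
```

The single failure from 198.51.100.5 and the isolated failure at 09:45 from 203.0.113.7 stay below the threshold; only the five failures within seven seconds trigger the rule. Because the rule reads the normalised fields rather than the raw sshd text, the same rule would apply unchanged to any other source mapped onto the same data model.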
Learning Outcomes
  • Describe the principles of an incident
  • Understand the lifecycle of a vulnerability
  • Manage and collect logs
  • Set up a detection mechanism
  • Discuss regulatory compliance for backups
Training Method

Presentation with interactive slides and short case studies to apply concepts presented.

Organised By
Digital Learning Hub Luxembourg
Certification
Participation Only
Prerequisites

An understanding of cybersecurity concepts and practices is necessary. It is recommended to have followed Modules 1 and 2, or to have equivalent knowledge. See the content of those modules for details of the prerequisites for this module.


Planning and location
Session 1
26/05/2025 - Monday
08:30 - 12:30
Learning Track

This course is part of the following learning track(s) and can be booked as a stand-alone training or as part of a whole:

16.00 €

Not Available For Sale

Your trainer(s) for this course
Olivier MIESCH