Module 4: Incident Response Principle
The course focuses on understanding the incident lifecycle and, for each step, reviewing the preparation, handling and technical objectives of that phase.
Managing an incident happens during stressful moments for IT operations. Preparation and defined processes are mandatory to be able to handle such a situation. Therefore, we will focus on understanding the incident lifecycle and, for each step, reviewing the preparation, handling and technical objectives of that phase.
This is a short, theoretical module, in which you will learn about the different stages of an incident, and how to prepare for them, including setting up a detection and response strategy, analysing logs, and managing backups.
Content
- Preparation: In-depth (log fields and capabilities, use cases, security application deployment, processes). Default security infrastructure seen in the enterprise.
- Detection: Overview of the role and purpose of a SOC and of security alert logs.
- Containment: In-depth; what can be done at which level, the involvement of forensics in carrying out this task, and possible forensic actions.
- Eradication: Overview, principles and best practices.
- Recovery: Overview, principles and best practices.
- Lessons learned: Overview, principles and best practices.
- Case Study: Breach for Money
Learning Outcomes
- Understand the incident response life cycle
- Describe best practices for incident response management
Training Method
This is a theoretical course.
Organised By
Digital Learning Hub Luxembourg
Certification
Participation Only
Prerequisites
An understanding of IT is necessary
Planning and location
13:30 - 17:30
Learning Track
This course is part of the following learning track(s) and can be booked as a stand-alone training or as part of a whole:
