Incident Response Planning
5h 38mBeginner2023-02-22
Authors

Jason Dion
Cybersecurity Trainer at Dion Training Solutions
Course details
If your organization is the victim of a cyberattack, are you ready to respond? In this course, cybersecurity trainer Jason Dion teaches you how to create, provision, and operate a formal, effective incident response capability within your organization to minimize the damage a cyberattack could cause. Jason guides you through incident response planning, including events, incidents, policies, plans, and procedures. He covers gathering and training your incident response team, as well as establishing and maintaining needed communications. Jason guides you through preparing for an incident and explains how to detect and analyze an incident. Plus, he goes over containment, eradication, recovery, and post-incident activities. Jason fully covers the guidance provided in the NIST SP 800-61, as well as recommendations based upon practical experience from the field.
Skills covered
Incident ResponseCybersecurityDeep Dive (X:Y)
Concepts
0. Introduction
- 01 - Overview
- 02 - Why do you need a plan
- 03 - Lifecycle of an incident response
- 04 - Review - Introduction
1. Incident Response Planning
- 05 - Incident response planning
- 06 - Events and incidents
- 07 - Policy, plans, and procedures
- 08 - Policy elements
- 09 - Plan elements
- 10 - Procedure elements
- 11 - Review - Incident response planning
2. Incident Response Team
- 12 - Incident response team
- 13 - Incident response team structure
- 14 - Types of teams
- 15 - Selecting a team model
- 16 - Team members
- 17 - Leading a team
- 18 - Organizational dependencies
- 19 - Review - Incident response team
3. Communication
- 20 - Communication
- 21 - Coordinating your efforts
- 22 - Internal information sharing
- 23 - Business impact analysis
- 24 - Technical analysis
- 25 - External information sharing
- 26 - Review - Communication
4. Preparation
- 27 - Preparation
- 28 - Communications and facilities
- 29 - Hardware and software
- 30 - Technical resources and information
- 31 - Software resources
- 32 - Incident prevention
- 33 - Review - Preparation
5. Detection and Analysis
- 34 - Detection and analysis
- 35 - Attack vectors
- 36 - Detecting an incident
- 37 - Indicators of compromise
- 38 - Conducting analysis
- 39 - Documenting the incident
- 40 - Prioritizing the incident
- 41 - Notification procedures
- 42 - Review - Detection and analysis
6. Containment, Eradication, and Recovery
- 43 - Containment, eradication, and recovery
- 44 - Containment strategy
- 45 - Evidence collection and handling
- 46 - Identifying the attacker
- 47 - Eradication and recovery
- 48 - Review - Containment, eradication, and recovery
7. Post-Incident Activity
- 49 - Post-incident activity
- 50 - Lessons learned
- 51 - Metrics and measures
- 52 - Evidence retention
- 53 - Calculating the cost
- 54 - Review - Post-incident activity
Conclusion
- 55 - What to do next
Related courses
- Incident Response Leadership for Cybersecurity Managers: From Incident Planning to Business Continuity
- Supply Chain Cybersecurity: Preventing Supply Chain Attacks
- Certified Information Privacy Manager (CIPM) Cert Prep: 6 Privacy Operational Life Cycle: Respond
- NIST CSF 2.0: Empower Your Organization to Navigate the Modern Cybersecurity Threat Landscape
- Build Your First Disaster Recovery Plan (DRP)
- Building a Modern Insider Threat Program to Better Protect Your Data
- Incident Response Frameworks
- SSCP Cert Prep: 4 Incident Response and Recovery
Related learn paths
- Navigating the Cybersecurity Threat Landscape
- Prepare for the Certified Professional Privacy Manager (CIPM) Certification
- Advance Your Skills as a Supply Chain Manager
- Prepare for the CompTIA Security+ (SY0-601) Certification Exam
- Prepare for the CSA Certificate of Cloud Security Knowledge (CCSK) Exam
- Prepare for the ISC2 Systems Security Certified Practitioner (SSCP) Exam
- Succeed as a Remote IT Administrator
- Become an IT Security Specialist