This hands-on course covers the essential information you need to properly detect, contain and mitigate security incidents. In this 5-day course, you learn the ins and outs of incident response, as well as the tools of the trade that incident responders use daily. The course helps you fully understand how systems are compromised and what traces attackers leave behind on the network, on disk, and in volatile memory. The Incident Response and Network Forensics course addresses cutting-edge attack vectors as well as tried-and-true methods of compromise. You leave the 5-day course with the knowledge of how to prevent incidents and the skills to defend against a security incident if one does happen.
The course focuses on the 5 key Incident Response Tactics:
- Plan - Preparing the right process, people and technology enables organizations to effectively respond to security incidents.
- Identify - Scoping the extent of the incident and determining which networks and systems have been compromised. This includes assessing the extent to which systems have been compromised.
- Contain - Prevent the incident from escalating further, using information gathered in the Identify stage.
- Eradicate - Remove intruder access to internal and external company resources.
- Recover - Restore fully operational system capability and close out the incident.
The materials within this course focus on the Knowledge, Skills and Abilities (KSAs) identified within the Specialty Areas listed below.