• Classroom
  • Online, Instructor-Led
Course Description

This is the third course in a series of three (3) courses. This course focuses on the Respond and Recover domains of the US Cybersecurity (NIST) framework. The final course in the Practitioner series provides hands-on instruction in the Respond and Recover domains. In this course students will learn how to respond and recover from network incidents or disasters, how to contain an event and protect assets and infrastructure and the components and procedures required for a comprehensive incident response plan. Topics covered include proper isolation response documentation while ensuring network propagation and system posture awareness, how to document and maintain information related to IR, including steps for mitigation and incident reports and how to recuperate a system or network. Also covered is how to implement continuity and contingency plans in accordance with corporate policies.

The Cybersecurity (CSX) Practitioner three course series is aligned to the ISACA CSX Practitioner certification program. These courses are not required to take the CSX Practitioner exam, but are highly recommended as a strong preparation source.

Learning Objectives

  • Executing incident response plans
  • Escalating incidents and attacks
  • Isolating attacks
  • Configuring and implementing new controls
  • Performing change documentation
  • Drafting incident reports
  • Performing business continuity plans
  • Performing disaster recovery plans
  • Restoring systems
  • Implementing safeguards
  • Identifying and disseminating post-incident review

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.