• Online, Self-Paced
Course Description

Despite your best efforts, security incidents will happen, and it's important you know how to properly respond and recover to protect enterprise assets. This course covers incident handling best practices, including discovery, escalation, reporting, and response. It also details appropriate countermeasures and continuity practices in addition to an overview of forensic investigation best practices, including appropriate evidence handling and chain of custody activities. This course is one of a series in the Skillsoft learning path that covers the objectives for the (ISC)² Systems Security Certified Practitioner Exam.

Learning Objectives

Participating in Incident Handling

  • describe incident discovery activities
  • identify incident escalation activities
  • identify lessons learned activities
  • identify incident response best practices
  • identify best practices when implementing countermeasures

Supporting Forensic Investigations

  • identify first responder best practices during forensic investigation activities
  • identify best practices for evidence handling during forensic investigation activities
  • describe characteristics and best practices of chain of custody during forensic investigation activities
  • identify best practices for preservation of scene during forensic investigation activities

Supporting Business Continuity Activities

  • describe characteristics and best practices for supporting emergency response plans and procedures
  • describe interim or alternate processing strategies as part of business continuity activities
  • identify best practices for restoration planning as part of business continuity activities
  • describe characteristics and best practices for implementing backup and redundancy options
  • describe characteristics and best practices for testing and drills for supporting emergency response plans and procedures

Practice: Incident Response and Recovery

  • identify best practices for handling incidents, supporting forensic investigations, and supporting business continuity activities

Framework Connections

The materials within this course focus on the Knowledge, Skills, and Abilities (KSAs) identified within the Specialty Areas listed below.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.