Outline
Module 1: Understanding the Adversaries
In this module, you are introduced to the attacker mindset and the different attack kill-chains employed by adversaries. You are taught the importance of this knowledge when responding to breaches, as it will inform many incident response decisions. We will review multiple case studies of organisations that responded inappropriately to breaches because they failed to understand the adversaries they were facing, and offer examples of what they could have done instead.
Module 2: Network and Endpoint Security Monitoring
When deployed across the network, event logging and security monitoring greatly assist incident responders and forensics investigators in detecting, responding to and countering cyberattacks. In this module, you will learn easy-to-use security tools that can be deployed across your endpoint fleet and network taps to capture all the security logs you’ll need to investigate security compromises. You will also be introduced to forensics tools to rapidly investigate whether a machine has been compromised, and how to do incident response in the cloud.
Module 3: Investigating Security Anomalies
In the third module you are taught structured analytics techniques to rapidly and thoroughly investigate and triage security anomalies. Organisations that do not employ those techniques often miscalculate the risk of security alerts and thus begin the incident response process when it’s already too late (e.g. after they receive an email blackmailing them, or when they are alerted that their data is on the black market being sold to the highest bidder).
Module 4: Consuming Threat Intelligence
Threat intelligence is a crucial tool meant to help business decision makers understand the adversaries they are facing and the seriousness of early compromise events, and yet it seems like almost no organisation really knows how to consume it. In this module, you will learn how threat intelligence is meant to be used, and how to incorporate it into your organisation’s incident response process to significantly reduce the consequences of an attack against your organisation. The difference between an organisation that properly uses threat intelligence and one that does not can amount to millions of dollars paid in blackmail or extortion that could otherwise have been avoided.
Module 5: Incident Management
Onsite IT professionals and third-party incident responders must work hand-in-hand to minimize the consequences of security breaches. In this module, you will learn a formal process to engage external incident responders and provide them with the information that they need to hit the ground running, and how to manage incidents from the customer perspective. You will also learn how to write state-of-the-art incident reports that can be shared with senior management and the board, customers, and third parties.