CIS
Elective #4 - Managing the Consequences of Intrusions

Overview: The increasing number of information security breaches and the severe impact to data and functions provide strong impetus for effective incident response. The complexities of today's networks often make achieving desired levels of security difficult. Developing a capability to quickly detect and remedy security-related incidents has become considerably more important within the organization. This course provides a wealth of information on incident handling: what it is, why it is important, how to do it, and how to evaluate how well it is done. Developed and taught by the founder of the Department of Energy Computer Incident Advisory Capability Team, who has project experience, it offers practical insights and experience to help avoid the many mistakes that can be made in this area. Procedures are focused on system administrator roles and incidents.
Goals and Objectives: Upon completion of this course, students will be able to:
- Define incident handling and describe major goals and principles
- Describe what risk analysis is and the importance of this activity in incident handling
- Explain how to develop and use a methodology for incident handling
- Describe how to trace network intrusions
- Explain the essential elements in forming and managing an incident response team
- Enable system administrators to establish workable incident response strategies and compliance with System Rules requirements
Course Benefits: Improve the incident response capabilities of organizational units by gaining mastery of incident response consequence management and the skills needed to effectively respond to intruder incidents. The value of the system administrator role in establishing incident response strategies defined in this course is of significant benefit to system administrators and helps achieve common responses.

Topics Discussed:
- Introduction to Incident Handling
- Sizing the Threat
- Risk Analysis
- A Methodology for Incident Response Legal Consideration and Forensics
- Developing an Incident Response Capability
- Forming and Managing Responses
- Tracing Network Intrusions
Hands-on Exercises: In a simulation exercise, "NETSECSIM" (Network Security Simulation), teams will try to defend their portion of a simulated network from attacks. Given limited resources, teams decide the security controls to be implemented and the amount of resources to be used. Network attacks occur on a random basis and may succeed or fail depending on the controls selected. Successful attacks prompt responses based on the course material. This simulation is suitable for system administrators regardless of technical background; it provides an interesting and enjoyable way to apply course concepts.

Course Delivery:
- Delivery Method: Lecture and Simulation Exercise
- Course Duration: 2 Days
- Course Fee: $1095.00 US