Cyber security Incident Response

Ref. RICS

Prepare, respond and learn: cyber security begins with rapid action, solid knowledge and resilience in the face of digital threats.

Duration: 6 hours
Effort: 6 hours
Pace: Self paced
Languages: English and portuguese
2,434 already enrolled!

What you will learn

Identify good cyber security practices and incident prevention measures.
Identify the phases of the security incident response cycle.
List cyber security incident response plans and policies.
Explore how to apply incident detection techniques and forensic analysis.
Differentiate containment techniques such as isolation, segmentation and sandboxing, and evaluate their operational and legal impacts.
Identify threat eradication methods, including device sanitisation and secure disposal, adapting actions according to the type and criticality of the incident.
Understand recovery practices, ensuring mitigation of the exploited vulnerability.
Identify practices for restoring systems and data after an incident and analyse lessons learned for continuous improvement.
Develop and interpret technical reports and executive summaries.
Apply root cause analysis (RCA) techniques to identify the origins of incidents and propose effective corrective solutions.
Understand the importance of preserving and documenting evidence for forensic investigations and potential legal actions.

Description

This course offers a detailed approach to the processes and practices of cybersecurity incident response, reviewing good practices and prevention methods while focusing on preparation, identification and analysis, containment and eradication, recovery and the recording of lessons learned. Participants will learn about response plans and policies, how to build and train incident response teams, and the techniques used for detection and analysis. In addition, the course will discuss strategies to limit the impact of incidents, eliminate threats, and restore systems and data, with a focus on the continuous improvement of response processes.

Assessment and certification

At the end of each module, in order to assess your progress, you will take a test with a mandatory knowledge check, which will account for 50% of the final grade.

At the end of the course, you will take a Final Assessment Test, which will account for 50% of the final grade.

Course plan

Part I - Introduction to Cyber Security Incident Response
Module 1 - Definitions and Stakeholders
Module 2 - Cyber Security Fundamentals

Part II - Preparation
Module 3 - Response Plans, Policies and Playbooks
Module 4 - Legal, Regulatory and Notification Considerations
Module 5 - Training, Exercises and Simulations

Part III - Detection and Analysis
Module 6 - Identification and Defence
Module 7 - Digital Forensics Analysis

Part IV - Containment, Eradication and Recovery
Module 8 – Containment
Module 9 - Eradication
Module 10 – Recovery

Part V - Post-Incident Activity
Module 11 - Root Cause Analysis
Module 12 - Reporting, Evidence Preservation and Lessons Learned

License

License for the course content

Attribution-NonCommercial-NoDerivatives

You are free to:

Share — copy and redistribute the material in any medium or format

Under the following terms:

Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
NonCommercial — You may not use the material for commercial purposes.
NoDerivatives — If you remix, transform, or build upon the material, you may not distribute the modified material.