Critical Knowledge: Incident Response Course

Build and enhance incident response skills.

Enterprise organizations are bombarded by cybersecurity attacks on a daily basis. It’s not a matter of if a breach will occur; rather it’s a question of when and to what extent. Incident Response teams can work quickly to contain and mitigate a breach.  Yet, upskilling individuals to act in a full IR capacity is not an easy task. The industry doesn’t yet offer an incremental learning path from a SOC Analyst or Cybersecurity Specialist role directly feeding into IR.

CyberVista now offers a 100% online training program designed to develop Incident Responders quickly and cost effectively. Critical Knowledge: Incident Response is a comprehensive offering that builds on the Critical Knowledge training program. This course goes beyond fundamental concepts and dives into technical and task-oriented subject matter designed specifically for Incident Responders. Team members working within a CERT (computer emergency response team), CSIRT (computer security incident response team), CIRT (computer/cybersecurity incident response team), or broader SOC (security operations center) would benefit greatly from this course.

Unit 0: Foundational Knowledge
Learners will establish or revisit foundational concepts necessary to building knowledge and skills in later units.

  • 0.1       Networking Basics
  • 0.2       Host Basics
  • 0.3       Indicators of Compromise

Unit 1: IR Overview
Learners will understand various roles within an organization and their responsibilities prior to, during, and after an incident occurs.

  • 1.1       Incident Response Overview
  • 1.2       Roles and Responsibilities
  • 1.3       Policies and Procedures

Unit 2: Attack Lifecycle
Learners will understand the Cyber KillChain and the Mitre Attack Framework. These are important to understanding the phases of an attack and how to determine a resolution.

  • 2.1       Cyber Kill Chain
  • 2.2       Mitre Attack Framework

Unit 3: Host and Network-Based Detection and Resolution
Learners will become familiarized with means of detection and resolution of network intrusions and malware attacks.

  • 3.1       Network Analysis and Attack Identification
  • 3.2       Host and Network Intrusions
  • 3.3       Malware and Rogue Device Detection

Unit 4: Attack Patterns and Mechanisms
Learners will be able to understand attacks listed in the OWASP Top Ten, the methods that these attacks propagate and affect an organization, and remediation techniques.

  • 4.1       Network-Based Attacks
  • 4.2       Host-Based Attacks
  • 4.3       Attack Methods

Unit 5: Forensics
Learners will become familiar with digital forensics, techniques used, case studies, and additional hands-on exercises.

  • 5.1       Forensics in IR
  • 5.2       Forensics Methodologies
  • 5.3       IR Case Study
  • 5.4       IR Activity