• Online, Self-Paced

Information security managers must have the most efficient tools to detect potential security incidents at their disposal. In this course, you'll explore several tools that can be used to detect anomalies and learn how to take action to mitigate these anomalies.

You'll learn to differentiate intrusion detection from intrusion prevention, before using Snort for network anomaly detection. You'll then examine how honeypots provide insight related to malicious user techniques. Next, you'll analyze various types of Windows logs, before working with logging in Linux.

Lastly, you'll configure data loss prevention in the cloud, view compliance reports, and outline how SIEM and SOAR can be used for incident detection and response.

This course is one of a collection of courses that prepares learners for the Certified Information Security Manager (CISM) certification.

Learning Objectives

{"discover the key concepts covered in this course"}

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cyber Defense Infrastructure Support
  • Cybersecurity Management
  • Systems Analysis
  • Vulnerability Assessment and Management

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.