• Online, Self-Paced
Course Description

Assets must be identified before they can be protected. This can come from documentation or IT inventories. Proactive planning streamlines incident response to minimize negative impacts to the organization.

Learning Objectives

Threat Management

  • start the course
  • identify assets and related threats
  • recognize known, unknown persistent, and zero-day threats
  • identify what constitutes PII
  • explain payment card data
  • identify intellectual property
  • control how valuable data is used
  • configure group policy to prevent data leakage
  • determine the effect of negative incidents

Incident Planning

  • identify stakeholders related to incident response
  • recognize incident response roles
  • describe incident disclosure options

Incident Response

  • analyze host symptoms to determine the best response
  • analyze network symptoms to determine the best response
  • analyze application symptoms to determine the best response
  • contain negative incidents
  • thoroughly remove data
  • identify positive learned outcomes resulting from incidents


  • identify how OEM documentation can be used to reverse engineering products
  • recognize the relevance of up-to-date network documentation
  • recognize the ongoing maintenance of incident response plans
  • create proper incident forms
  • protect the integrity of collected evidence
  • implement changes to processes resulting from lessons learned
  • determine which type of report provides the best data for a specific situation
  • determine if SLA details are aligned with business needs
  • explain the purpose of a MOU
  • use existing inventory to drive decisions related to security

Practice: Threats and Incident Response

  • recognize threat impact and design an incident response plan

Framework Connections