  • Classroom
  • Online, Instructor-Led
  • Online, Self-Paced
Course Description

This course introduces the skills and techniques necessary to detect, respond to, and recover from cyber incidents. The goal is to learn to integrate business continuity / disaster recovery plans into the incident response process. This is a writing-intensive course, which requires each student to individually document cyber security incidents and communicate the impact of those incidents to the organization. Peer writing evaluation will help students to consider how effective their written communication skills are.

Learning Objectives

Define and explain information security and the role of policy / procedures.
Identify and explain the basic concepts and phases of risk management.
Discuss key laws, regulations, and standards associated with contingency planning.
Define business impact analysis and describe each of its components.
Explain the strategies employed for resumption of critical business processes at alternate and recovered sites.
Identify the activities and deliverables used in an incident response policy and explain how policy affects the process.
Describe the purpose and function of the CSIRT.
Perform network traffic analysis and sniffing by using appropriate tools.
Perform incident handling by using appropriate methods.
Identify security controls and defensive technologies.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cyber Defense Analysis
  • Cyber Investigation
  • Cyber Operations
  • Incident Response

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.