  • Online, Instructor-Led
  • Classroom
Course Description

Although network teams possess the tools needed to secure their infrastructures, they often lack the skills for managing the incident response process. This course provides students with the skills needed to create processes for appropriately responding to security incidents. Students will learn to evaluate at what point computers should be shut down and the organization disconnected from the Internet. They will also learn to analyze when it is best to let intruders continue so that their motivations or goals can be further determined. These processes are critical to ensuring that an incident doesn’t create greater organizational damage.

Learning Objectives

1. Analyze and assess the importance and relevance of the incident response process and how it ties into network protection and continued operation.
2. Research and analyze the tools that can be used to assist in the incident response process.
3. Research and analyze the decisions in incident response to determine when it is appropriate to disconnect from the Internet, stay connected and monitor, or attempt to redirect the attacker for further monitoring.
4. Apply computer forensics concepts to the incident response process.
5. Understand the importance of keeping current in the information security community as a method to protect their environment.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • All-Source Analysis
  • Collection Operations
  • Cyber Investigation
  • Cyber Operations
  • Digital Forensics

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.