Incident Response Training
Organizations spend a lot of time and effort verifying the effectiveness of their security controls and preparing for an incident, but not enough time learning how to deal with one once it occurs. The consequences of being unprepared can include business downtime, loss of sensitive data, costly fines, and damage to brand reputation.
An incident is defined as any violation of the organization’s security policies or procedures that compromises, or attempts to compromise, the confidentiality, integrity, or availability of information (the CIA triad). Investing in Incident Response training is a sensible use of resources, considering that:
- Most incidents can be prevented, but not all of them will be
- Human error is the most likely cause of security failures
- Even cybersecurity “experts” have lapses in judgment about security practices
- You may not be able, or willing, to invest the time and money that adequate preventive defenses require
- Worse, you may not know what to defend (“know your enemy and know yourself”)
What Comsec’s Incident Response Training experts can teach your business
The “response” is an organized approach to addressing and managing the aftermath of a security breach or IT incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs. The response should also be proportionate to the priority of the incident and the risk it poses to the organization.
Comsec’s incident response training workshop teaches your team the Incident Response Life Cycle, which guides the Incident Response Team on what actions to take for a given incident. The life cycle is divided into mandatory phases that the Incident Response Team must go through in order.
We are confident that our tailored training sessions, described below and delivered by Comsec’s team of experts, will help to establish and maintain a high degree of security for your organization’s needs.
Interactive theoretical lectures and hands-on labs. Length: 2 days
- Introduction to Incident Response – In this chapter, we start by going over the concepts of incident response as a policy and as a process. In addition, we discuss what cyber attacks are and why they occur. Finally, we briefly review a well-known incident to see how it was handled.
- Incident Response Lifecycle – The core part of being an incident responder is understanding the incident response workflow and the attacker’s sequence of actions (a.k.a. the execution chain or kill chain). It is important that your incident response team knows how to categorize each step of the attack and map it to the correct stage of the incident response life cycle. In this section, the class discusses the response flow for different attack scenarios given in class, as well as the kill chain process itself.
- Incident response lifecycle
The participants are presented with measures that ensure effective preparation before a security incident occurs, and then with the practices for each subsequent phase of the life cycle:
- Incident handling team duties and responsibilities
- End-user and analyst training basics
- Login banners and warning messages concepts
- Incident handling documentation
- Backup activities
- Incident identification by the various stakeholders, including end users and even clients
- Incident declaration and team assembly
- Preservation of key system files and records
- Detailed incident documentation
- Basic analysis of system information, including key files, and taking a forensic image (backup) of the compromised machine for later analysis
- Powering off machines vs. disconnecting them from the LAN: a power-off destroys volatile evidence (running processes, network connections, memory), while isolating a live host preserves it but leaves the attacker’s code running
- Using boot CDs (live media) to access data on compromised machines without booting the compromised operating system
- Rebuilding machine images
- Testing backups before they are restored to production
- Documentation procedures
- Post-incident retesting of systems
- Customer notification: concerns, policies, practice
- Monitoring for security incidents
- Final reporting and event review, describing the incident and how it was handled, using the Incident reporting form
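The “preservation of key system files and records” step above comes down to recording a cryptographic hash and the metadata of every artifact before anyone touches it, so that the copy handed to forensics can later be proven unchanged. The following Python script is an added illustration of that step, not Comsec course material or a tool the course uses: it writes a JSON evidence manifest (SHA-256, size, modification time, permission bits per file), returns the hash of the manifest itself for the hand-written custody log, and re-verifies the files against the manifest. The file names, contents, and the collector identifier are constructed for the demonstration.

```python
"""Evidence preservation manifest: hash key files before anything is changed,
then verify them later. Constructed example, not part of the course material."""
import hashlib
import json
import stat
import tempfile
import time
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file so large artifacts (images, logs) do not need to fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def preserve(paths, manifest_path: Path, collector: str) -> dict:
    """Record hash and metadata for each file and write the manifest.

    The manifest's own SHA-256 is returned so it can be copied into the
    (paper or ticket) chain-of-custody record; anyone can later recompute it.
    """
    entries = []
    for p in paths:
        p = Path(p)
        st = p.stat()  # stat() does not update atime; reading the file may, so record first
        entries.append({
            "path": str(p),
            "sha256": sha256_file(p),
            "size": st.st_size,
            "mtime": st.st_mtime,
            "mode": stat.filemode(st.st_mode),
        })
    manifest = {"collected_at": time.time(), "collector": collector, "files": entries}
    body = json.dumps(manifest, sort_keys=True, indent=2).encode()
    manifest_path.write_bytes(body)
    return {"manifest_sha256": hashlib.sha256(body).hexdigest(), "count": len(entries)}


def verify(manifest_path: Path) -> list:
    """Return the paths whose current hash differs from the recorded one (or are missing)."""
    manifest = json.loads(manifest_path.read_text())
    changed = []
    for e in manifest["files"]:
        p = Path(e["path"])
        if not p.exists() or sha256_file(p) != e["sha256"]:
            changed.append(e["path"])
    return changed


def demo() -> tuple:
    """Self-contained run on constructed files: preserve, verify, tamper, verify again."""
    with tempfile.TemporaryDirectory() as d:
        d = Path(d)
        auth = d / "auth.log"  # constructed sample log line
        auth.write_text("Jan 10 03:12:01 host sshd[412]: Accepted password for root from 203.0.113.7\n")
        passwd = d / "passwd"  # constructed sample account file
        passwd.write_text("root:x:0:0:root:/root:/bin/bash\n")
        manifest = d / "manifest.json"
        info = preserve([auth, passwd], manifest, collector="analyst-1")
        clean = verify(manifest)  # nothing changed yet
        # Simulate the attacker (or a careless admin) adding an account after collection
        passwd.write_text("root:x:0:0:root:/root:/bin/bash\nbackdoor:x:0:0::/:/bin/sh\n")
        tampered = verify(manifest)
        return info["count"], clean, [Path(x).name for x in tampered]


if __name__ == "__main__":
    print(demo())
```

The manifest is only useful if it leaves the compromised host immediately (removable media or a write-once share) and its hash is recorded somewhere the attacker cannot reach; a manifest stored next to the evidence on the same box proves nothing.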
Following the training session, students conduct an investigation of a given use case involving malware and lateral movement. As part of the exercise, students apply the entire incident response methodology, using different tools to investigate and analyze the full kill chain end to end.
Forensics in Support of Incident Response – As digital forensics is an integral part of incident response, this unit gives students the basic approach to forensic investigation during an incident, from the golden rules (work on copies, preserve volatile data first, document every action) to actual practice. During this session the students exercise basic static and dynamic analysis of suspicious files, and more.
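Basic static analysis, as taught in this unit, starts before any disassembler is opened: identify the sample (hashes), determine what it really is from its magic bytes rather than its extension, measure its byte entropy as a hint that it is packed or encrypted, and pull out printable strings and any network indicators in them. The Python script below is an added example of that first-pass triage, not Comsec course material or an official tool. The 7.2-bits-per-byte entropy threshold is a common rule-of-thumb assumption, not a standard, and the sample file (an MZ header, a few planted strings, and a deterministic pseudo-random blob standing in for a packed section) is constructed for the demonstration.

```python
"""First-pass static triage of a suspicious file. Constructed example, not part
of the course material: hashes, magic-byte type, Shannon entropy, strings, IOCs."""
import hashlib
import math
import re
from collections import Counter

# Magic bytes for the formats most often seen in incidents
MAGIC = {
    b"MZ": "PE executable (MZ)",
    b"\x7fELF": "ELF executable",
    b"%PDF": "PDF document",
    b"PK\x03\x04": "ZIP container (also docx/xlsx/jar/apk)",
}
PACKED_ENTROPY = 7.2  # assumed heuristic threshold, bits per byte; max is 8.0
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def file_type(data: bytes) -> str:
    """Type from content, not extension: a .pdf named file starting with MZ is a red flag."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; near 8.0 suggests compression, packing or encryption."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def strings(data: bytes, min_len: int = 6) -> list:
    """Printable ASCII runs of at least min_len bytes, like the classic `strings` tool."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def triage(data: bytes) -> dict:
    """Summarize identifiers, type, entropy and network indicators for the incident report."""
    found = strings(data)
    joined = "\n".join(found)
    ent = entropy(data)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),  # weak, kept only to match older vendor reports
        "size": len(data),
        "type": file_type(data),
        "entropy": round(ent, 3),
        "likely_packed": ent > PACKED_ENTROPY,
        "urls": sorted(set(URL_RE.findall(joined))),
        "ipv4": sorted(set(IPV4_RE.findall(joined))),
        "string_count": len(found),
    }


def constructed_sample() -> bytes:
    """Fake sample: MZ header, planted strings, then 8 KiB of deterministic pseudo-random bytes."""
    header = b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode.\r\n" + b"\x00" * 16
    planted = b"http://203.0.113.7/update.bin\x00cmd.exe /c schtasks /create\x00"
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
    return header + planted + blob


if __name__ == "__main__":
    for k, v in triage(constructed_sample()).items():
        print(f"{k:14} {v}")
```

Run the triage on a copy of the sample, never on the only instance, and feed the hashes and indicators into the incident documentation before moving on to dynamic analysis in an isolated sandbox.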
Over 30 years of cybersecurity experience
- Comsec is trusted by over 1,000 clients including Fortune 500 companies
- Our international offices ensure quick response times, any day of the week
- Work with enterprise-level, certified professionals with top-tier credentials
- Find solutions quickly based on Comsec’s gold-standard Israeli cybersecurity expertise
- Comsec is certified as a QSA for PCI-DSS, PCI-PA, and HIPAA compliance and is a lead auditor for the ISO 27000-series standards