Good management skills and decisive leadership determine the success of incident response more so than the technical skills of employees or the promises of vendor solutions. This practical course aims to develop incident response leaders who can plan, respond and execute a successful incident response with little or no impact to the organization. Topics are reinforced through participation in various incident response scenarios. In order to better grasp the challenges faced by different incident response disciplines, student scenarios cover various situations that offer experience from the perspective of technical staff, line managers and even the CIO.
This scenario-based experience will allow attendees to work through different aspects of intrusions and share actual experiences, enabling students to respond appropriately when required by real-world incidents. The scenarios will begin from the standpoint that a complex intrusion has already occurred on your network, and the triage is beginning.
Day 1 of the course will cover the incident management process and what should be in place prior to an incident. Students will understand various incident response disciplines, different policies and procedures, and what talents their staff should have to handle an incident. Once the incident has occurred, scenarios will be covered on when to inform outside agencies, what questions should be asked of your staff and business partners, and different steps in building a response plan.
Day 2 will cover many aspects of the response plan as time progresses from the point of intrusion and management and employees start to grow impatient with the recovery.
Dealing with the boss and handling factors that can alter the plan are critical steps in the recovery process. The often-overlooked step of determining what is truly important to the company and where the high-value assets exist will be addressed. Finally, the course wraps up with when you can trust your network again and how to calculate the actual cost of an intrusion.
Students should have a basic understanding of network design, network architecture, and networking principles. A familiarity with incident response procedures will be helpful, but not required.