ABOUT NETCOM LEARNING
NetCom Learning is an award-winning global leader in managed learning services, training and talent development.
Founded: 1998
Headquarters: New York City
Delivery Capability: Worldwide
CEO: Russell Sarder
• 100K+ professionals trained
• 14K+ corporate clients
• 3500 IT, Business & Soft Skills courses
• 96% of customers recommend us to others
• 8.6/9 instructor evaluations
• 20+ leading vendors recognitions
• Microsoft’s Worldwide training partner of the year
• Trained 80% of the Fortune 100
• Top 20 IT Training Company
© 1998-2019 NetCom Learning www.netcomlearning.com info@netcomlearning.com 1-888-563-8266
© 1998-2022 NetCom Learning | Interested in training? Contact us! | www.netcomlearning.com | (888) 563-8266 | eccouncil@netcomlearning.com
WHY IS INCIDENT RESPONSE IMPORTANT?
Data breaches cost companies operational downtime, reputational damage, and financial loss. The
longer any vulnerability stays in a system, the more lethal it becomes. For most
organizations, breaches lead to a drop in stock value and loss of customer trust.
To eliminate such risks, companies need a well-planned cybersecurity incident response plan,
which aims at:
• Restoring daily business operations
• Minimizing financial and reputational losses
• Fixing cyber vulnerabilities comprehensively and quickly
• Strengthening security posture to avoid future attacks
Another important objective is to align the security posture with applicable regulatory
standards. Organizations should comply with these standards to avoid hefty fines and
penalties. A few of the significant acts and regulations are HIPAA, PCI DSS, GLBA and
FISMA.
AGENDA
Introduction to Incident Handling & Response
Incident Handling & Response Process
Forensic Readiness & First Response
Malware Incidents
Email Security Incidents
Network Security Incidents
Web Application Security Incidents
Cloud Security Incidents
Insider Threats
INCIDENT HANDLING AND RESPONSE (IH&R)
• Taking organized and careful steps when reacting to a security incident.
• A set of procedures, actions and measures taken.
• Helps organizations identify and mitigate various business risks.
• Restoring normal business operations as quickly as possible with minimal business impact.
INTRODUCTION TO INCIDENT HANDLING AND RESPONSE
WHAT I NEED TO KNOW AS AN INCIDENT HANDLER
• Elements of information security: CIA triad.
• Securing information: defense in depth, policies etc.
• Information security threats and attack vectors: goals of attacks, top attacks, types of
threat actors, impact of attacks etc.
• Information security incidents: types, signs of an incident, cost of an incident etc.
• Incident management: incident handling & response process.
• Vulnerability management: vulnerability, research, classification, assessment.
• Threat assessment: commonly targeted assets, threat intelligence, correlation etc.
CONTD.
WHAT I NEED TO KNOW AS AN INCIDENT HANDLER
• Risk Management: risk, management, level, matrix, mitigation, control, tools: PILAR
• Incident response automation
• Best Practices: OWASP, ENISA (European Union Agency for Cybersecurity), GPG18 (Good
Practice Guidelines) and Forensic Readiness Planning
• Cybersecurity Frameworks: CIS (Center for Internet Security) controls, COBIT (Control
Objectives for Information and Related Technologies), NIST 800-61
• Role of laws in Incident Handling
INCIDENT HANDLING AND RESPONSE PROCESS
FORENSIC READINESS AND FIRST RESPONSE
Phases involved in computer forensics
• Pre-investigation phase: CFL, investigation team, review of policies & laws, quality
assurance process, data destruction standards, risk assessment etc.
• Investigation phase: first response, search & seizure, collecting evidence, securing
evidence, chain of custody, data acquisition, order of volatility, data analysis,
anti-forensics
• Post-investigation phase: evidence assessment, documentation & reporting, testifying as
an expert witness.
• Forensic Readiness
• First Response: the first responder's roles, health & safety issues, securing the crime scene,
collecting incident information
• Principles of Digital Evidence: ACPO (Association of Chief Police Officers), SWGDE
(Scientific Working Group on Digital Evidence)
MALWARE INCIDENTS
• PREPARATION: Malware incident response team, handling malware safely, preparing a
testbed, malware analysis tools
• DETECTION: Indications, detection techniques (static/dynamic analysis)
• CONTAINMENT: Separate the compromised system, analyze logs, analyze compromised
systems
• ERADICATION: Content filtering tools, network security devices, blacklisting, scan, patch
etc.
• RECOVERY: Wipe affected media, rebuild compromised systems, scan etc.
EMAIL INCIDENTS
• PREPARATION: Email filtering, email monitoring, training & awareness for employees, AUP,
log analysis tools etc.
• DETECTION AND CONTAINMENT: Indications, detecting phishing/spam mails, analyzing
email headers, analyzing email logs etc.
• ERADICATION: Report spam and phishing, spam and phishing guidelines etc.
• RECOVERY: Recovery of deleted mails, email security tools
• TOOLS:
  • Email Recovery: Recover My Email
  • Antiphishing: Gophish
  • Antispam: SPAMfighter
  • Email Security: Gpg4win
NETWORK SECURITY INCIDENTS
Incident types: Unauthorized Access Incidents, Inappropriate Usage Incidents, DoS Incidents, Wireless
Incidents
• PREPARATION: Configure network security devices, syslog, standard protocols, tool kit, train employees,
network traffic and employee monitoring etc.
• DETECTION: General indicators, tools. Unauthorized access incidents (reconnaissance, SE, sniffing &
spoofing). Inappropriate usage (high resource utilization, malware, log analysis)
• CONTAINMENT: Unauthorized access (isolate affected systems, disable affected service etc.).
Inappropriate usage (port & URL filtering, POLP, change password, IDS, IPS, VPN)
• ERADICATION: Physical security measures, authentication and authorization, host security and network
security measures, firewall, IDS/IPS, URL filtering, encrypted protocols, VPN, log monitoring, employee
training
• RECOVERY: Data backup, patching, update policies, employee training, updated AV
WEB APPLICATIONS SECURITY INCIDENTS
• PREPARATION: Plan, backup site, monitoring tools, deploy a WAF (dotDefender), SIEM (AlienVault OSSIM)
• DETECTION & ANALYSIS: Indicators, automated detection, manual detection, log analysis tools (OSSEC,
Apache Logs Viewer)
• CONTAINMENT: Deny unnecessary access, whitelist/blacklist, web content filtering etc.
• ERADICATION: Techniques vary as per attack type (SQL, broken authentication, sensitive data exposure,
XSS, DDoS, CSRF, cookie poisoning etc.)
• RECOVERY: Patch, scan, trusted backups, tools (ApexSQL Log, CrowdStrike Falcon etc.)
• BEST PRACTICE: Fuzz test, source code review, security testing tools (Acunetix, Watcher Web,
Netsparker)
CLOUD SECURITY INCIDENTS
• PREPARATION: IR teams, monitoring devices, enable logging, DLP, SIEM etc.
• DETECTION & ANALYSIS: Indicators (network, storage, server, virtualization, application related
incidents), cloud-based log analysis tools (Loggly)
• CONTAINMENT: Block communication with external network, check backups, disconnect malware-affected
systems, block source IP, stop vulnerable service, isolate affected VMs, tool: CloudPassage
Quarantine etc.
• ERADICATION: Remove malware files, update security solutions, deny access to compromised
accounts, issue alerts and alarms, MFA, contact developers about security flaws, patch vulnerabilities,
employee training, encrypt traffic, scan, update VMs, security best practice
• RECOVERY: Ensure malware-free environment, recover from backup, security updates
INSIDER THREATS
• PREPARATION: Train employees, implement policies, strict passwords, background checks, employee
monitoring, auditing, POLP, honeypot, DLP, SIEM, IDS, log management etc.
• DETECTION & ANALYSIS: Indicators, suspicious activity, behavioral analysis, sniff network traffic, log
analysis, network analysis, system analysis, browser data, database analysis, physical security analysis,
tools: ObserveIT, DataRobot, Ekran System etc.
• CONTAINMENT: Isolate affected systems, block all access of suspicious employees, seize allocated
devices, restrict premises access, formal complaint, issue guidelines to others as well
• ERADICATION: Allocate least amount of access, data encryption, isolate storage, change passwords
regularly, data audit and protection, strict policy, examine employee behavior, proper training,
background check again.
• RECOVERY: Gather evidence, change passwords, remove malware traces, recovery process, backup.
RELEVANT CERTIFICATION
• https://www.eccouncil.org/wp-content/uploads/2019/02/ECIH-V2-Brochure.pdf
• https://www.netcomlearning.com/ec-council-ecih-certified-incident-handler/course/44650/
Recommended Courses
NetCom Learning offers a comprehensive portfolio for Security
» EC-COUNCIL ECIH: CERTIFIED INCIDENT HANDLER - Class Scheduled on Sep 12
» EC-COUNCIL CHFI: COMPUTER HACKING FORENSIC INVESTIGATOR V10 - Class Scheduled on Oct 17
» EC-COUNCIL CND: CERTIFIED NETWORK DEFENDER V2 - Class Scheduled on Sep 12
» EC-COUNCIL CERTIFIED ETHICAL HACKER (CEH) MASTER - Class Scheduled on Sep 19
Cybersecurity Incident Handling & Response in Under 40 Minutes.pdf

  • 1.
  • 2. ABOUT NETCOM LEARNING NetCom Learning is an award-winning global leader in managed learning services, training and talentdevelopment. Founded : 1998 Headquarters : New YorkCity Delivery Capability : Worldwide CEO : RussellSarder 100K+ Professionals trained | | © 1998-2019NetCom Learning www.netcomlearning.com info@netcomlearning.com 1-888-563-8266 14K+ Corporate clients 3500 IT,Business& Soft Skillscourses 96% Of customers recommend usto others 8.6/9 Instructor evaluations 20+ Leadingvendors recognitions Microsoft’s Worldwide training partner of the year 80% Trained ofthe Fortune 100 T op20 ITTraining Company © 1998-2021 NetCom Learning www.netcomlearning.com info@netcomlearning.com 1-888-563-8266 | | © Interested in training? Contact us! | www.netcomlearning.com | (888) 563-8266 | eccouncil@netcomlearning.com 1998-2022 NetCom Learning
  • 3. | | © 1998-2019 NetCom Learning www.netcomlearning.com info@netcomlearning.com 1-888-563-8266 © 1998-2022 NetCom Learning www.netcomlearning.com info@netcomlearning.com 1-888-563-8266 | | CLICK HERE TO WATCH © Interested in training? Contact us! | www.netcomlearning.com | (888) 563-8266 | eccouncil@netcomlearning.com 1998-2022 NetCom Learning Access the Recorded Session here!
  • 4. © 1998-2022 NetCom Learning WHY IS INCIDENT RESPONSE IMPORTANT? Interested in training? Contact us! | www.netcomlearning.com | (888) 563-8266 | eccouncil@netcomlearning.com Data breaches cost companies’ operational downtime, reputational, and financial loss. The longer any vulnerability stays in a system, the more lethal it becomes. For most of the organizations, breaches lead to devaluation of stock value and loss of customer trust. To eliminate such risks, companies need a well-planned cybersecurity incident response plan, which aims at – • Restoring daily business operations • Minimizing financial and reputational losses • Fixing cyber vulnerabilities comprehensively and quickly • Strengthening security posture to avoid future attacks Another important objective is to align the security posture with applicable regulatory standards. Organizations should comply with these standards to avoid hefty fines and penalties. A few of the significant acts and regulations are listed below –HIPAA, PCI DSS, GLBA, FISMA etc.
  • 5. © 1998-2022 NetCom Learning AGENDA Interested in training? Contact us! | www.netcomlearning.com | (888) 563-8266 | eccouncil@netcomlearning.com Introduction to Incident Handling & Response Incident Handling & Response Process Forensic Readiness & First Response Malware Incidents Email Security Incidents Network Security Incidents Web Application Security Incidents Cloud Security Incidents Insider Threats
  • 6. © 1998-2022 NetCom Learning INCIDENT HANDLING AND RESPONSE (IH&R) Interested in training? Contact us! | www.netcomlearning.com | (888) 563-8266 | eccouncil@netcomlearning.com • Taking organized and careful steps, when reacting to a security incident. • Set of procedures, actions and measures taken. • Helps organizations to identify and mitigate various business risks • Restoring normal business operations as quickly as possible with minimal business impact
  • 7. © 1998-2022 NetCom Learning INTRODUCTION TO INCIDENT HANDLING AND RESPONSE Interested in training? Contact us! | www.netcomlearning.com | (888) 563-8266 | eccouncil@netcomlearning.com WHAT I NEED TO KNOW AS AN INCIDENT HANDLER • Elements of information Security: CIA Triad. • Securing Information: Defense in Depth, Policies etc. • Information security threats and attack vectors: goals of attacks, Top attacks, types of threat actors, impact of attacks etc. • Information security Incidents: types, Signs of incident, cost of an incident etc. • Incident Management: Incident handling & Response Process. • Vulnerability Management: vulnerability, research, classification, assessment. • Threat Assessment: common targeted assets, threat intelligence, correlation etc.
  • 8. © 1998-2022 NetCom Learning CONTD. Interested in training? Contact us! | www.netcomlearning.com | (888) 563-8266 | eccouncil@netcomlearning.com WHAT I NEED TO KNOW AS AN INCIDENT HANDLER • Risk Management: risk, management, level, matrix, mitigation, control, Tools-PILAR • Incident response automation • Best Practices- OWASP, ENISA(European Union Agency for Cybersecurity ), GPG18 (Good Practice Guidelines) and Forensic Readiness Planning • Cybersecurity Frameworks: CIS (Center for Internet Security) controls, COBIT (Control Objectives for Information and Related Technologies), NIST 800-61 • Role of laws in Incident Handling
  • 9. INCIDENT HANDLING AND RESPONSE PROCESS
  • 10. FORENSIC READINESS AND FIRST RESPONSE
      Phases involved in computer forensics:
      • Pre-investigation phase: CFL, investigation team, review policies & laws, quality assurance process, data destruction standards, risk assessment etc.
      • Investigation phase: first response, search & seizure, collecting evidence, securing evidence, chain of custody, data acquisition, order of volatility, data analysis, anti-forensics.
      • Post-investigation phase: evidence assessment, documentation & reporting, testifying as an expert witness.
      • Forensic readiness.
      • First response: the first responder's roles, health & safety issues, securing the crime scene, collecting incident information.
      • Principles of digital evidence: ACPO (Association of Chief Police Officers), SWGDE (Scientific Working Group on Digital Evidence).
  • 11. MALWARE INCIDENTS
      • PREPARATION: Malware incident response team, handling malware safely, preparing a testbed, malware analysis tools.
      • DETECTION: Indications, detection techniques (static/dynamic analysis).
      • CONTAINMENT: Separate the compromised system, analyze logs, analyze compromised systems.
      • ERADICATION: Content filtering tools, network security devices, blacklisting, scan, patch etc.
      • RECOVERY: Wipe affected media, rebuild compromised systems, scan etc.
  • 12. EMAIL INCIDENTS
      • PREPARATION: Email filtering, email monitoring, training & awareness for employees, AUP, log analysis tools etc.
      • DETECTION AND CONTAINMENT: Indications, detecting phishing/spam mails, analyzing email headers, analyzing email logs etc.
      • ERADICATION: Report spam and phishing, spam and phishing guidelines etc.
      • RECOVERY: Recovery of deleted mails, email security tools.
      • TOOLS:
          • Email recovery: Recover my email
          • Antiphishing: Gophish
          • Antispam: SPAMfighter
          • Email security: Gpg4win
  • 13. NETWORK SECURITY INCIDENTS
      Unauthorized access incidents, inappropriate usage incidents, DoS incidents, wireless incidents.
      • PREPARATION: Configure network security devices, syslog, standard protocols, tool kit, train employees, network traffic and employee monitoring etc.
      • DETECTION: General indicators, tools. Unauthorized access incidents (reconnaissance, SE, sniffing & spoofing). Inappropriate usage (high resource utilization, malware, log analysis).
      • CONTAINMENT: Unauthorized access (isolate affected systems, disable affected service etc.). Inappropriate usage (port & URL filtering, POLP, change password, IDS, IPS, VPN).
      • ERADICATION: Physical security measures, authentication and authorization, host security and network security measures, firewall, IDS/IPS, URL filtering, encrypted protocols, VPN, log monitoring, employee training.
      • RECOVERY: Data backup, patching, update policies, employee training, AV updated.
  • 14. WEB APPLICATIONS SECURITY INCIDENTS
      • PREPARATION: Plan, backup site, monitoring tools, deploy WAF (dotDefender), SIEM (AlienVault OSSIM).
      • DETECTION & ANALYSIS: Indicators, automated detection, manual detection, log analysis tools (OSSEC, Apache Logs Viewer).
      • CONTAINMENT: Deny unnecessary access, whitelist/blacklist, web content filtering etc.
      • ERADICATION: Techniques vary as per attack type (SQL, broken authentication, sensitive data exposure, XSS, DDoS, CSRF, cookie poisoning etc.).
      • RECOVERY: Patch, scan, trusted backups; tools: ApexSQL log, CrowdStrike Falcon, etc.
      • BEST PRACTICE: Fuzz test, source code review, security testing tools (Acunetix, Watcher Web, Netsparker).
  • 15. CLOUD SECURITY INCIDENTS
      • PREPARATION: IR teams, monitoring devices, enable logging, DLP, SIEM etc.
      • DETECTION & ANALYSIS: Indicators (network, storage, server, virtualization, application related incidents), cloud-based log analysis tools (Loggly).
      • CONTAINMENT: Block communication with external network, check backups, disconnect malware-affected systems, block source IP, stop vulnerable service, isolate affected VMs; tool: CloudPassage Quarantine etc.
      • ERADICATION: Remove malware files, update security solutions, deny access to compromised accounts, issue alerts and alarms, MFA, contact developers about security flaws, patch vulnerabilities, employee training, encrypt traffic, scan, update VMs, security best practice.
      • RECOVERY: Ensure malware-free environment, recover from backup, security updates.
  • 16. INSIDER THREATS
      • PREPARATION: Train employees, implement policies, strict passwords, background checks, employee monitoring, auditing, POLP, honeypot, DLP, SIEM, IDS, log management etc.
      • DETECTION & ANALYSIS: Indicators, suspicious activity, behavioral analysis, sniff network traffic, log analysis, network analysis, system analysis, browser data, database analysis, physical security analysis; tools: ObserveIT, DataRobot, Ekran System etc.
      • CONTAINMENT: Isolate affected systems, block all access of suspicious employees, seize allocated devices, restrict premises access, formal complaint, issue guidelines to others as well.
      • ERADICATION: Allocate the least amount of access, data encryption, isolate storage, change passwords regularly, data audit and protection, strict policy, examine employee behavior, proper training, background check again.
      • RECOVERY: Gather evidence, change passwords, remove malware traces, recovery process, backup.
  • 17. RELEVANT CERTIFICATION
      • https://www.eccouncil.org/wp-content/uploads/2019/02/ECIH-V2-Brochure.pdf
      • https://www.netcomlearning.com/ec-council-ecih-certified-incident-handler/course/44650/
  • 18. Recommended Courses
      NetCom Learning offers a comprehensive portfolio for Security:
      » EC-COUNCIL ECIH: CERTIFIED INCIDENT HANDLER - Class Scheduled on Sep 12
      » EC-COUNCIL CHFI: COMPUTER HACKING FORENSIC INVESTIGATOR V10 - Class Scheduled on Oct 17
      » EC-COUNCIL CND: CERTIFIED NETWORK DEFENDER V2 - Class Scheduled on Sep 12
      » EC-COUNCIL CERTIFIED ETHICAL HACKER (CEH) MASTER - Class Scheduled on Sep 19
      You can also access the below Marketing Assets:
      » Free 1hr Training - Build a Core Network Security Team in 40 Minutes
      » Free On-Demand Training - An Introduction to CompTIA Security+ SY0601
      » Blog - Accelerating federal upskilling to meet the requirements of the modern digital landscape
  • 20. Stay Digital Safe - Assess and Upskill your team against cyber threats now! NetCom Learning's end-user Cybersecurity Awareness Training & Phishing Simulation Solution offers phishing simulations on email, voice, and text to organizations, and is bundled with 90+ interactive security awareness video courses for the end-users.
  • 21. Learning Passport: Flexible Team Training Package
      Specifically designed to be customized for the number of learners you plan to train on top-notch technology providers, including Microsoft, AWS, Cisco, CompTIA, Adobe, Autodesk, PMI, EC-Council, and more.
      • Redeemable over 4,000+ official courses
      • Flexible fund validity of 12 months
      Contact us now to schedule your appointment with our learning consultants. Toll-free Phone: 1-888-563-8266 | Email: info@netcomlearning.com
  • 22. NetCom Individual Learner Subscription
      Get 24/7 access to unlimited virtual instructor-led and self-paced IT and business training for 12 months. NetCom+ includes over 250 e-Learning and 140 virtual instructor-led courses across various domains.
      $2,999 per learner per year (additional discounts available for enterprises).
  • 23. Exclusive Government Savings Solutions For FY22
      This fiscal year, take full advantage of your FY22 training budget and strengthen your workforce's skillset across 9 domains such as Cloud, Security, Networking, Project Management, and more, delivered by certified instructors equipped with security clearance and government and military training experience.
      • Learning Passport: Experience up to a 100% increase in purchasing power and secure your yearly training.
      • Get Special Pricing: Get exclusive Special Pricing for Government and Military on courses up to $3,600.
      • NetCom+ Subscription: Save training dollars and get unlimited access to virtual instructor-led and on-demand courses.
      Help teams earn and maintain certifications as per Department of Defense (DoD) directive 8140 (formerly known as DoD 8570).
  • 24. NetCom Learning serves all Government agencies through our GSA schedule, 47QTCA22D004B. Our GSA Schedule provides more than 800 classroom training solutions available for delivery at one of our many training facilities, at your location or at an off-site that offers maximum convenience. NetCom Learning is also approved as GSA Small Business for GSA Set Asides. We accept GSA SmartPay and GCPC credit cards. We participate in GSA Advantage.
  • 25. Continue your Cybersecurity Skilling Journey with Microsoft Security Fundamentals
      You will get access to your free Microsoft Official Courseware on SC-900T00: Microsoft Security, Compliance, And Identity Fundamentals in the NetCom365 Learning Portal.
  • 27. A BOOK FROM RUSSELL SARDER, CEO - NETCOM LEARNING: A framework to build a smarter workforce, adapt to change and drive growth.