Kazakhstan, Almaty, 90 Shevchenko St., Karatal Business Center, office 53
Kazakhstan, Astana, 19 Imanov St., Alma-Ata Business House, office 612

Track: EC-COUNCIL
Vendor: Information Security
Course code: ECCIH
Number of days: 3
Number of hours: 24

Course Description

The EC-Council Certified Incident Handler program is designed to provide the fundamental skills to handle and respond to computer security incidents in an information system. The course addresses the underlying principles and techniques for detecting and responding to current and emerging computer security threats. Students will learn how to handle various types of incidents, risk assessment methodologies, and the laws and policies related to incident handling. After attending the course, they will be able to create incident handling and response policies and deal with various types of computer security incidents. The comprehensive training program will make students proficient in handling and responding to security incidents such as network security incidents, malicious code incidents, and insider attack threats. In addition, students will learn about computer forensics and its role in handling and responding to incidents. The course also covers incident response teams, incident reporting methods, and incident recovery techniques in detail. The E|CIH certification will give professionals greater industry acceptance as seasoned incident handlers.

Certification

  • The E|CIH 212-89 exam will be conducted on the last day of training. Students need to pass the online Prometric exam to receive the E|CIH certification.

Who Should Attend

  • This course will significantly benefit incident handlers, risk assessment administrators, penetration testers, cyber forensic investigators, vulnerability assessment auditors, system administrators, system engineers, firewall administrators, network managers, IT managers, IT professionals, and anyone who is interested in incident handling and response.


Module 01: Introduction to Incident Response and Handling

  • Cyber Incident Statistics
  • Computer Security Incident
  • Information as Business Asset
  • Data Classification
  • Common Terminologies
  • Information Warfare
  • Key Concepts of Information Security
  • Vulnerability, Threat, and Attack
  • Types of Computer Security Incidents
  • Examples of Computer Security Incidents
  • Verizon Data Breach Investigations Report – 2008
  • Incidents That Required the Execution of Disaster Recovery Plans
  • Signs of an Incident
  • Incident Categories
  • Incident Prioritization
  • Incident Response
  • Incident Handling
  • Use of Disaster Recovery Technologies
  • Impact of Virtualization on Incident Response and Handling
  • Estimating Cost of an Incident
  • Key Findings of Symantec Global Disaster Recovery Survey - 2009
  • Incident Reporting
  • Incident Reporting Organizations
  • Vulnerability Resources

Module 02: Risk Assessment

  • Risk
  • Risk Policy
  • Risk Assessment
  • NIST’s Risk Assessment Methodology
  • Steps to Assess Risks at Work Place
  • Risk Analysis
      o Need for Risk Analysis
  • Cost/Benefit Analysis
  • NIST Approach for Control Implementation
  • Residual Risk
  • Risk Management Tools

Module 03: Incident Response and Handling Steps

  • How to Identify an Incident
  • Handling Incidents
  • Need for Incident Response
  • Goals of Incident Response
  • Incident Response Plan
  • Incident Response and Handling Steps
  • Training and Awareness
  • Security Awareness and Training Checklist
  • Incident Management
      o Purpose of Incident Management
      o Incident Management Process
      o Incident Management Team
  • Incident Response Team
      o Incident Response Team Members
      o Incident Response Team Members Roles and Responsibilities
  • Incident Response Best Practices
  • Incident Response Policy
  • Incident Response Plan Checklist
  • Incident Handling System: RTIR
  • RPIER 1st Responder Framework
  • What is CSIRT?
  • What is the Need of an Incident Response Team (IRT)
  • CSIRT Goals and Strategy
  • CSIRT Vision
  • Common Names of CSIRT
  • CSIRT Mission Statement
  • CSIRT Constituency
  • CSIRT Place in the Organization
  • CSIRT Relationship with Peers
  • Types of CSIRT Environments
  • Best Practices for creating a CSIRT
  • Role of CSIRTs
  • Roles in an Incident Response Team
  • CSIRT Services
      o Reactive Services
      o Proactive Services
  • CSIRT Policies and Procedures
  • How CSIRT Handles a Case
  • CSIRT Incident Report Form
  • Incident Tracking and Reporting Systems
  • CERT
  • CERT-CC
  • CERT(R) Coordination Center: Incident Reporting Form
  • CERT:OCTAVE
  • World CERTs
  • IRTs Around the World

Module 04: Handling Network Security Incidents

  • Denial-of-Service Incidents
  • Distributed Denial-of-Service Attack
  • Detecting DoS Attack
  • Incident Handling Preparation for DoS
  • Unauthorized Access Incident
  • Inappropriate Usage Incidents
  • Multiple Component Incidents
  • Network Traffic Monitoring Tools
  • Network Auditing Tools
  • Network Protection Tools
  • Count of Malware Samples
  • Virus
  • Worms
  • Trojans and Spywares
  • Incident Handling Preparation
  • Incident Prevention
  • Detection of Malicious Code
  • Containment Strategy
  • Evidence Gathering and Handling
  • Eradication and Recovery
  • Recommendations
  • Antivirus Systems
  • Insider Threats
  • Anatomy of an Insider Attack
  • Insider Risk Matrix
  • Insider Threats Detection
  • Insider Threats Response
  • Insider’s Incident Response Plan
  • Guidelines for Detecting and Preventing Insider Threats
  • Employee Monitoring Tools
  • Computer Forensics
  • Objectives of Forensics Analysis
  • Role of Forensics Analysis in Incident Response
  • Forensic Readiness
  • Forensic Readiness and Business Continuity
  • Types of Computer Forensics
  • Computer Forensic Investigator
  • People Involved in Computer Forensics
  • Computer Forensics Process
  • Digital Evidence
  • Characteristics of Digital Evidence
  • Collecting Electronic Evidence
  • Challenging Aspects of Digital Evidence
  • Forensic Policy
  • Forensics in the Information System Life Cycle
  • Forensic Analysis Guidelines
  • Forensics Analysis Tools
  • Incident Reporting
  • Why to Report an Incident
  • Why Organizations do not Report Computer Crimes
  • Whom to Report an Incident
  • How to Report an Incident
  • Details to be Reported
  • Preliminary Information Security Incident Reporting Form
  • CERT Incident Reference Numbers
  • Contact Information
      o Sample Report Showing Contact Information
  • Summary of Hosts Involved
  • Description of the Activity
  • Log Extracts Showing the Activity
  • Time Zone
  • Federal Agency Incident Categories
  • Organizations to Report Computer Incident
  • Incident Reporting Guidelines
  • Sample Incident Reporting Form
  • Sample Post Incident Report Form

Module 05: Incident Recovery

  • Incident Recovery
  • Principles of Incident Recovery
  • Incident Recovery Steps
  • Contingency/Continuity of Operations Planning
  • Business Continuity Planning
  • Incident Recovery Plan
  • Incident Recovery Planning Process
  • Security Policy
  • Key Elements of Security Policy
  • Goals of a Security Policy
  • Characteristics of a Security Policy
  • Design of Security Policy
  • Implementing Security Policies
  • Acceptable Use Policy (AUP)
  • Access Control Policy
      o Sample Access Control Policy
      o Importance of Access Control Policies
  • Asset Control Policy
  • Audit Trail Policy
  • Logging Policy
      o Importance of Logging Policies
  • Documentation Policy
  • Evidence Collection Policy
  • Evidence Preservation Policy
  • Information Security Policy
      o Information Security Policy: University of California
  • National Information Assurance Certification & Accreditation Process (NIACAP) Policy
  • Physical Security Policy
  • Physical Security Guidelines
  • Personnel Security Policies & Guidance
  • Law and Incident Handling
  • Laws and Acts
  • Intellectual Property Laws
      o Intellectual Property