First Responder and Incident Handling ONLINE

Roane State Community College Workforce, Economic Development and Technology Programs - First Responder and Incident Handling ONLINE

This course covers network defense and incident response methods, tactics, and procedures are taught in alignment with industry frameworks such as NIST 800-61 r.2 (Computer Security Incident Handling). It is ideal for candidates who have been tasked with the responsibility of monitoring and detecting security incidents in information systems and networks, and for executing standardized responses to such incidents. The course introduces tools, tactics, and procedures to manage cybersecurity risks, identify various types of common threats, evaluate the organization's security, collect and analyze cybersecurity intelligence and remediate and report incidents as they occur.
 

Lesson 1: Assessment of Information Security Risks

• Topic A: The Importance of Risk Management
• Topic B: Assess Risk
• Topic C: Mitigate Risk
• Topic D: Integrating Documentation into Risk Management

Lesson 2: Analyzing Attacks on Computing and Network Environments

• Topic A: System Hacking Attacks: Assessing the Impact
• Topic B: Web-Based Attacks: Assessing the Impact
• Topic C: Malware: Assessing the Impact
• Topic D: Hijacking and Impersonation Attacks: Assessing the Impact
• Topic E: DoS Incidents: Assessing the Impact
• Topic F: Threats to Mobile Security: Assessing the Impact
• Topic G: Threats to Cloud Security: Assessing the Impact

Lesson 3: Manage Vulnerabilities in the Organization 

• Topic A: Implement a Vulnerability Management Plan 
• Topic B: Examine Common Vulnerabilities
• Topic C: Conduct Vulnerability Scans

Lesson 4: Evaluate Security by Implementing Penetration Testing

• Topic A: Conduct Penetration Tests on Network Assets
• Topic B: Follow Up on Penetration Testing

Lesson 5: Analyze Log Data

• Topic A: Common Tools to Analyze Logs
• Topic B: SIEM Tools for Analysis

Lesson 6: Response to Cybersecurity Incidents

• Topic A: Deployment of Incident Handling and Response Architecture Topic
• Topic B: Containment and Mitigation of Incidents
• Topic C: Preparation for Forensic Investigation as a CSIRT

Lesson 7: Investigating Cybersecurity Incidents

• Topic A: Use a Forensic Investigation Plan
• Topic B: Securely Collect and Analyze Electronic Evidence

Miscellaneous software that will be explored in the course data files:

• Oracle® VM VirtualBox version 5.1.30 (VirtualBox-5.1.30-118389-Win.exe)
• Wireshark version 2.0.1 (Wireshark-win64-2.0.1.exe)
• Snort® version 2.9.8.0 (Snort_2_9_8_0_Installer.exe).
• icmpsh (icmpsh.zip).
• Greenbone Security Manager Community Edition version 4.1.7 (gsm_ce_4.1.7.iso)
• XAMPP version 5.6.15 (xampp-win32-5.6.15-1-VC11-installer.exe).
• SeaMonster version 5 (SeaMonster5_win32.x86.zip).
• OpenSSH for Windows version 7.1 (setupssh-7.1p2-1.exe).
• PuTTY version 0.67 (putty.exe).
• Process Explorer version 16.21 (procexp.exe).
• Splunk® Enterprise version 7.0.2 (splunk-7.0.2-03bbabbd5c0f-x64-release.msi).
• Log Parser version 2.2 (LogParser.msi).
• Log Parser Studio version 2.0 (LPSDV2.D2.zip).

This is an instructor led online course.  The instructor will be with you and available during the entire course.