Sneak Peek At The IHRP Training Course
What are the mission, structure, scope, activities, and responsibilities of an Incident Handling team? Find out in this sneak peek of the Incident Handling & Response Professional (IHRP) training course and register for an exciting launch webinar on March 26.
What is Incident Handling?
Incident Handling is the well-defined course of action whenever a computer or network security incident occurs.
According to the Computer Security Incident Handling Guide by NIST, only events with negative consequences are considered security incidents.
Such events can be:
- System craches,
- Packet floods,
- Unauthorized use of system privileges,
- Unauthorized access to sensitive data,
- Execution of destructive malware.
The Incident Handling Team’s Responsibilities
Computer Security Incident Response Team (CSIRT) or Security Operations Center (SOC) teams are known to suffer from alert fatigue. This is why professionals need to be aware of which events and alerts deserve their utmost attention.
It should be noted that incident handling is not only about cyber intrusions.
Malicious insiders, availability, and loss of intellectual property all fall under the scope of “Incident Handling” as well.
As an Incident Handler, your daily activities will include discussing how an attacker attempted or managed to break into a system. Since your organization will not be breached everyday, you’ll also be responsible to plan the necessary strategy to prevent, detect, and respond to such attempts.
In this field of work, you should be fully aware of all the possible techniques an attacker might try to get access. Specifically, you should know how to think like an attacker and understand how they operate at all stages of the cyber kill chain.
Then, and only then, can an Incident Handler, be in the position of not only anticipating attacks but also recommending defensive measures against them.
The Incident Handling Methodology
Just like Penetration Testers, Incident Handlers must respect a strict methodology. This methodology exists as a mean to help IR teams and organizations prepare, defend, and respond to all stages of the cyber kill chain and effectively counterattack potential intrusions.
This methodology, also known as the “Incident Response Life Cycle”, counts 4 crucial steps:
- Detection & Analysis
- Containment, Eradication & Recovery
- Post-Incident Activities
Read more about these steps here: “The 4 Steps Of Incident Handling & Response“
The Incident Response life cycle can be seen as a road-map for Incident Handlers to know what they should do, and how to proceed when an intrusion do happens.
Of course, professionals in this field should have extensive blue teaming skills. That’s why we created the Incident Handling & Response Professional training course, IHRP.
The Incident Handling & Response Professional (IHRP) Training Course
With so many threats created faster than ever, it’s no wonder why IT Security professionals are feeling overwhelmed. With the goal of helping relieve some of the stress off their shoulders, the Incident Handling & Response Professional (IHRP) teaches how to:
- Set up an incident handling & response capability
- Analyze how attackers operate
- Identify each technique, tactic, and procedure attackers use
- Detect intrusions or intrusion attempts during all stages of the Cyber Kill Chain
- Analyze traffic, flows, and endpoints, as well as perform correlations and endpoint or protocol analytics
- Use open-source IDS solutions (Snort, Bro, Suricata etc.)
- Making the best of open-source SIEM solutions (ELK stack, Splunk, Osquery etc.)
- Use tactical threat intelligence to enhance your detection capabilities
- Leverage baselines for effective intrusion detection
As you may know, we released a preview of the Incident Handling & Response Professional (IHRP) training course on December 11, 2018. This month, we are launching the final version of this highly practical training course.
Interested in learning how to professionally analyze, handle, and respond to security incidents? Make sure to join us as we launch IHRP on March 26 to receive a special launch offer 😉
… Can’t wait to discover this training course? Click here to get your free trial.
Connect with us on Social Media: