Course info
Jan 30, 2018
1h 3m

Cybersecurity thought leaders accept that every organization will suffer security incidents. In this course, Incident Detection and Response: The Big Picture, you will learn to detect security incidents promptly and respond to them in a way that minimizes damage to your organization. First, you will learn how to detect incidents. Next, you will explore the key activities you need to undertake when responding to a security incident. Finally, you will learn what it takes to prepare now, before you are faced with the task of responding to an incident. By the end of this course, you will be better prepared before an incident occurs, ensuring a better outcome for your organization.

About the author

Richard has worked for over 20 years in various technology management roles working in card payments and regulated financial sectors. He spent several years deploying niche payment card solutions in Europe and more recently as CIO, serving the US mortgage sector. Richard specializes in IT Risk and Information Security management.

Section Introduction Transcripts

Course Overview
Hi there, my name is Richard Harpur, and welcome to my course, Incident Detection and Response: The Big Picture. In this course, you're going to learn all the concepts required for performing incident detection and responding to incidents in your environment. A director of the FBI once said there are two types of companies: those who have been hacked and those that will be. He said this back in 2012, but as we are seeing now, with such a surge in data breaches, we have to agree with this statement. Every organization is gearing up to respond to inevitable security breaches. Therefore, having the knowledge of security incident detection and response is critical for everyone working in cybersecurity today. In this course, you're going to learn the skills necessary for incident detection and response. I'm going to teach you the key concepts involved. This will help you to minimize damage and avoid mistakes when it's your turn to deal with a security incident. As we progress through this course, you will learn the differences between security events and security incidents; where detection and response sit within the incident response life cycle; common data sources for good incident detection; and what indicators of compromise are, where to source them, and how to use them. I will walk you through a typical security operations team configuration, so if you're thinking of working within a SOC environment as a security analyst, this will help you to understand how a SOC operates. By the end of this course, you'll have a full picture, the big picture, of the activities involved in incident detection and response, and key techniques to help you in your incident response. And the best part: you don't need to have any prior knowledge or tools in order to complete this course. Just jump straight in and start learning. I hope you join me on this journey, Incident Detection and Response: The Big Picture, at Pluralsight.

Why Have Security Incident Response?
You might remember that in the earlier module we covered a lot of the main concepts and terminology in relation to cybersecurity incident detection and response. This module is a little bit shorter and is going to focus purely on the why. Why have security incident response in your organization? We're going to look at some great examples. So let's have a look at what's coming up in this module. In this module we're going to look at some of the benefits of having a formalized incident detection and response team or process within your organization. It's not enough nowadays to leave these things to chance. You need to have a formalized methodology for incident detection and response in order to ensure that incidents are handled for the best possible outcome. We're going to look at the specialist incident response firms. There are certain categories of organizations that specialize in helping companies when a breach has occurred. We're going to look at why this might be a good thing to consider. After that we're going to look at two examples: one being a good incident detection and response example from a real-world situation, and the second a rather poor incident detection and response example, which gives us many lessons to learn to improve our own incident detection and response processes. So let's get started.

Incident Detection
Now that we've got our foundation knowledge, we're going to roll up our sleeves and look specifically at the how: how do we do incident detection? That's what we're going to cover in this module. Let's have a look at what's coming up. In this module we're going to look at what incident detection actually means from a hands-on perspective. Then we're going to look at data sources that you can use in your incident detection process. There are some critical data sources that should be in everyone's toolbox for incident detection. Next, we're going to look at indicators of compromise, or IOCs. This is common terminology in the industry, and you need to be aware of it in order to carry out your incident detection professionally. Finally, we're going to wrap up this module with something that I really like to do in these courses, and that's to apply some of the knowledge that we've learned to a real-world example. So, we're going to look at a case study from Globomantics, a fictitious company. It will be great to take what you've learned so far in this course and start to apply it to this case study example. A lot to do, so let's get started.
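As an added example of the hands-on side of this module (this is illustrative code, not course material or any vendor's tool), the block below matches a small set of indicators of compromise against log lines from three common data sources, a web proxy, DNS, and an endpoint agent, and then correlates the hits by internal client so that evidence from separate sources corroborates one another. The IOC values, log lines and field names are all constructed for illustration: the IP addresses come from the reserved TEST-NET ranges and the hash is a placeholder.

```python
"""Matching indicators of compromise (IOCs) against log data.

Added example, not course material. Every IOC value and log line below is
constructed for illustration; none refers to a real host, domain or file.
"""
import re
from collections import defaultdict

# Constructed IOC set, the kind of list a SOC would load from a threat-intel feed.
IOCS = {
    "ip": {"203.0.113.45", "198.51.100.7"},       # TEST-NET addresses, not real hosts
    "domain": {"update-check.example.net"},        # constructed domain on the example TLD
    "sha256": {"a" * 64},                          # placeholder hash, not a real sample
}

# Constructed log lines from three data sources: proxy, DNS and endpoint (EDR-style).
SAMPLE_LOGS = [
    "2018-01-30T10:02:11Z proxy src=10.0.0.15 dst=203.0.113.45 url=http://203.0.113.45/a.php status=200",
    "2018-01-30T10:02:12Z dns client=10.0.0.15 query=update-check.example.net type=A",
    "2018-01-30T10:02:40Z edr host=ws015 event=process_create image=C:\\Users\\bob\\AppData\\Local\\Temp\\svc.exe sha256=" + "a" * 64,
    "2018-01-30T10:03:00Z proxy src=10.0.0.22 dst=93.184.216.34 url=http://example.com/ status=200",
    "2018-01-30T10:03:05Z dns client=10.0.0.22 query=example.com type=A",
]

# Loose extractors: they over-collect candidates (e.g. "svc.exe" looks like a
# domain) and rely on the IOC set to decide what actually matters.
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
SHA256 = re.compile(r"\b[0-9a-f]{64}\b", re.I)
CLIENT = re.compile(r"\b(?:src|client)=(\d{1,3}(?:\.\d{1,3}){3})")


def extract_observables(line):
    """Pull candidate observables out of one log line, keyed by IOC type."""
    return {
        "ip": set(IPV4.findall(line)),
        "domain": {d.lower() for d in DOMAIN.findall(line)},
        "sha256": {h.lower() for h in SHA256.findall(line)},
    }


def match_iocs(lines, iocs=IOCS):
    """Return a list of (line, ioc_type, value) for every observable in the IOC set.

    Observables are deduplicated per line, so an IP that appears twice in one
    proxy record (dst= and url=) produces a single hit.
    """
    hits = []
    for line in lines:
        for kind, values in extract_observables(line).items():
            for value in sorted(values & iocs.get(kind, set())):
                hits.append((line, kind, value))
    return hits


def hits_by_client(hits):
    """Group hits by the internal client address so separate data sources corroborate.

    Lines without a src=/client= field (here the endpoint record, which is keyed
    by hostname) land under "unknown" and need a separate host-to-IP lookup.
    """
    grouped = defaultdict(list)
    for line, kind, value in hits:
        match = CLIENT.search(line)
        grouped[match.group(1) if match else "unknown"].append((kind, value))
    return dict(grouped)


if __name__ == "__main__":
    for client, indicators in hits_by_client(match_iocs(SAMPLE_LOGS)).items():
        print(client, indicators)
```

Run on the constructed logs, 10.0.0.15 is flagged by two independent sources (proxy traffic to an IOC address and a DNS lookup of an IOC domain) while the endpoint hit is isolated, which is exactly the kind of cross-source corroboration an analyst wants before escalating an event to an incident.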

Incident Analysis
In this module, we're going to cover the second step in our process. We have detected an incident, now the next step is to analyze that incident to determine how we should respond. In this module, we're going to look at what the activities are that you need to undertake in the incident analysis stage. We're going to look at the importance of triage, and also look at improving your threat intelligence. Finally, we're going to wrap up this module by looking at the different types of analysis you might need to undertake. So let's get started with the role of incident analysis.

Incident Response
Welcome to this module Incident Response. In this module, we're going to take a look at the response activities that are typical when you're responding to a security event. Let's have a look at what's coming up. We're going to cover the key response activities that are involved in responding to a security incident. Four of the key activities include containment, which is all about minimizing damage to our organization. Preservation of evidence, which is essential if you foresee law enforcement or a court case resulting from the breach. Eradication of the source of the attack. Sometimes it can be difficult to identify where an attack has come from, but it is essential to understand this in order to clean up and recover from the attack, which brings us to restoring secure operations, restoring the integrity of your systems and ensuring you have confidence to continue to operate. We're then going to wrap up this module and also I'm going to complete the course by providing some pointers to you in where you should look next to continue with your learning. So let's get started.