Incident Handler (ECIH and GCIH Prep)

Author: Dale Meredith

ECIH and GCIH

It’s not a matter of “if”, but rather “when” an attack is going to happen. With so many threats and vulnerabilities in today's infrastructures, creating an impenetrable framework is nearly impossible. No matter what you know or do, the hard truth is there's no guaranteed way to stop an attacker from penetrating your organization.

In this series, you will learn what is needed to help keep your network more secure by being proactive and aware of what is happening in your environment. Next, you will learn what to do when your system or device has been targeted. When you are finished with this course, you will know how to respond to incidents and mitigate security threats.

Assessing and Mitigating Security Risks

by Dale Meredith

Dec 9, 2016 / 3h 14m

Description

With so many threats and vulnerabilities in today's infrastructures, creating an impregnable framework is nearly impossible. Therefore, it is every IT security professional's responsibility to make important decisions and take action to best safeguard data and assets. In this course, Assessing and Mitigating Security Risks, you will gain an understanding of risk management and how it can enable thoughtful and focused defense strategies. First, you will learn about the landscape, what risk assessment is, and how it can be conducted successfully. Next, you will learn about mitigation and controls. Finally, you will delve into tools and resources that can help your company get a jump start on protecting your network. When you are finished with this course, you will have the knowledge necessary to respond to incidents and mitigate those security threats.

Table of contents
  1. Course Overview (1m)
  2. What's the Landscape Like? (1h 0m)
  3. What Is Risk Assessment? (29m)
  4. Successful Risk Assessments (44m)
  5. Mitigation and Controls (26m)
  6. Tools and Tips (31m)

Performing Incident Response and Handling

by Dale Meredith

Jan 24, 2018 / 5h 19m

Description

It’s not a matter of “if”, but rather “when” an attack is going to happen. No matter what you know or do, the hard truth is there's no guaranteed way to stop an attacker from penetrating your organization. Once you’ve accepted that an attack will be unavoidable, your job now becomes "How do I respond to these situations?" This is where the role of an "Incident Responder" comes into play. What do you do when a system or device has been targeted? Well, that depends on the incident itself. In this course, Performing Incident Response and Handling, you'll start by making sure that you and your organization are prepared by learning about each of the security policies that you should have in place to clarify and focus everyone on the importance of keeping your resources secure. First, you'll learn about the actual process of detecting incidents and how to respond to them. Next, you'll explore the actual workflow steps that every security professional should follow to make sure you are consistent with all incidents that are currently affecting you as well as future ones. Finally, you'll dive into some of the more common incidents that take place in your networks by looking at how to handle and respond to issues like a DoS, a session hijack, or even malicious code. By the end of this course, you'll understand what is needed to help keep your network more secure by being more proactive and aware of what's happening in your environment.

Table of contents
  1. Course Overview (3m)
  2. Preparing for Incident Response and Handling (49m)
  3. Incident Response Processes (43m)
  4. The Workflow of Incident Response (40m)
  5. Networks and Host Attacks (59m)
  6. Service and Application Attacks (1h 10m)
  7. Malicious Code and Insider Threats (53m)

Preparing for and Executing Incident Recovery

by Dale Meredith

Mar 19, 2018 / 3h 24m

Description

Cybersecurity investigations are used to determine what events, changes, and other actions have happened on a device, who or what performed them, and what data is stored there. In this course, Preparing for and Executing Incident Recovery, you'll learn how to conduct an investigation, eradicate the incident, and build out your own CSI (Cyber-Security Investigator) Jump-Bag. First, you'll learn how to be ready to conduct your own forensic investigations. Next, you'll learn what computer forensic techniques are used in a variety of scenarios, including police investigations, system misuse, compromise and malware analysis, and investigations related to internal policy violations. Then, you'll learn how to create your own forensics kit, what it contains, and how to use these devices and tools. Finally, you'll be shown some forensic suites and tools that provide what you'll need to capture and preserve forensics data and to perform forensic investigations. By the end of this course, you will have discovered and developed new skills to tackle many cyber-security scenarios.

Table of contents
  1. Course Overview (2m)
  2. Your Objectives Here (42m)
  3. What Should Be in Your “Jump-bag”? (28m)
  4. What About the Digital “Jump-bag” (45m)
  5. Understanding the Incident Recovery Process (33m)
  6. The Techniques of Recovery: Containment (11m)
  7. The Techniques of Recovery: Eradication (13m)
  8. The Techniques of Recovery: Validation and Corrective Actions (11m)
  9. That’s a Wrap (14m)

What you will learn

  • Given a network-based threat, how to implement or recommend the appropriate response and countermeasure
  • Analyzing threat data or behavior to determine the impact of an incident
  • Communicating best practices and procedures during the incident response process
  • Summarizing the incident recovery and post-incident response process
  • Conducting forensic investigations
  • Using tools and resources to protect your network
  • Estimating cost of an incident
  • Identifying network security incidents
  • Reacting to insider attacks
  • Employing tools and evidence to determine the kind of malware used in an attack (rootkits, Trojans, and backdoors), and then choosing proper defenses and response tactics
  • Gauging an attacker's techniques that were used to gain access to a system and/or networks and then using that information to anticipate and thwart future attacks

Pre-requisites

Experience managing Windows/Unix/Linux systems. An understanding of common network and security services. A strong desire to understand hacker tools and techniques. A basic understanding of the Windows/Linux Command Line.