cyber security Incident Response and Incident Handling

Cyber Security Incident Handling and Response

Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery

About this cyber security Incident Response Course

This course is part of the (ISC)² Systems Security Certified Practitioner (SSCP)

cyber security Incident Response, Risk Identification, Monitoring, and Analysis:

In the Risk Identification, Monitoring, and Analysis session, you will learn how to identify, measure, and control losses associated with adverse events.

You will review, analyze, select, and evaluate safeguards for mitigating risk.You will learn processes for collecting information, providing methods of identifying security events, assigning priority levels, taking the appropriate actions, and reporting the findings to the correct individuals.

After collection of the details from monitoring, we can analyze to determine if the system is being operated in accordance with accepted industry practices, and in compliance with organization policies and procedures.

Incident Response and Recovery:

In the Incident Response and Recovery Session, you will gain an understanding of how to handle incidents using consistent, applied approaches in order to resolve.

Once an incident is identified, action will be necessary in order to resolve. We will examine processes such as damage recovery, data integrity and preservation, and the collection, handling, reporting, and prevention.

You will be introduced to the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) concepts and how they can be utilized in order to mitigate damages, recover business operations, and avoid critical business interruption.

Through the use of the DRP, you will understand the procedures for emergency response and post-disaster recovery.

Course Objectives

1. Describe the risk management process

2. Perform security assessment activities

3. Describe processes for operating and maintaining monitoring systems

4. Identify events of interest

5. Describe the various source systems

6. Interpret reporting findings from monitoring results

7. Describe the incident handling process

8. Contribute to the incident handling process based upon role within the organization

9. Describe the supporting role in forensics investigation processes

10. Describe the supporting role in the business continuity planning process

11. Describe the supporting role in the disaster recovery planning process

———————————————————————– cyber security Incident Response

Flexible deadlines

Reset deadlines in accordance to your schedule.

Shareable Certificate

Earn a Certificate upon completion

100% online

Start instantly and learn at your own schedule.

Course 3 of 6 in the(ISC)² Systems Security Certified Practitioner (SSCP)

Beginner Level

Approx. 23 hours to complete


Subtitles: English(ISC)² Education & Training7 Courses

Offered by

Understand the Risk Management Process

Module Topic: Risk Visibility and Reporting, Risk management Concepts, Risk Assessment, Risk Treatment, Audit Findings.

In Risk visibility and Reporting, you will learn about risk register, creating a risk register, risk register, and risk management steps.

In Risk Management Concepts, you will learn about, key terms, and generic risk model with key factors – NIST SP 800-30 R1.

In risk Assessment, you will learn about NIST SP 800- 30 R1 risk assessment methodology,

Step 1. prepare for the assessment,

Step 2. conduct the assessment,

Step 2a. identify threat sources,

step 2b. identify potential threat events,

step 2c. identify vulnerabilities and predisposing conditions,

step 2d. determine likelihood,

step 2e. determine impact,

step 2f. risk determination, risk level matrix, risk levels,

step 3. communicating and sharing risk assessment information,

step 4. maintaining the risk assessment, and risk assessment activity.

In Risk Treatment, you will learn about, risk mitigation, example control: passwords, control selection, residual risk, risk transference, risk avoidance, and risk acceptance.

In audit Findings, you will learn about auditors, types of audits, audit methodologies, auditor responsibilities, audit scope, documentation, and response to audit.

14 videos (Total 84 min), 14 readings, 1 quiz

———————————————————– cyber security Incident Response


4 hours to complete

Perform Security Assessment Activities

Module Topics:

Participate in Security and Test Results, Penetration Testing. In Participate in Security and Test Result.

you will learn about vulnerability scanning and analysis, vulnerability testing software categories, vulnerability testing qualities, potential problems, host scanning, host security considerations, traffic types, security gateway types, wireless networking testing, potential security issues, searching for rogue access points, locking down the enterprise, wireless tools, war dialing, and war driving.

In Penetration Testing you will learn about penetration testing modes, white box / hat, gray box / hat, black box / hat,

phase 1: preparation, reporting,

phase 2: reconnaissance and network mapping techniques, reconnaissance, social engineering and low-tech reconnaissance, whois attacks, DNS zone transfers, network mapping, network mapping techniques, firewalking, basic built-in tools,

phase 3: information evaluation and risk analysis,

phase 4: active penetration, phase 5: analysis and reporting, penetration testing high-level steps.

11 videos (Total 73 min), 11 readings, 1 quiz

——————————————————– cyber security Incident Response


Operate and Maintain Monitoring Systems & Analyze and Report Monitoring Results

Module Topics: Events of Interest, Logging, source Systems, Security Analytics, metrics, and Trends, Visualization, Event Data Analysis, Communication of Findings.

In Events of Interest you will learn about, monitoring terminology, Intrusion Detection System (IDS)/Intrusion Prevention System (IPS), comparing IDS and IPS, types of IDS/IPS devices, deploying HIDS and NIDS, implementation issues for monitoring, monitoring control, other considerations, sample questions to consider, collecting data for incident response, monitoring response techniques, attackers, attacker motivations, intrusions, events, types of monitoring, and file integrity checkers, continuous/compliance monitoring.

In Logging, you will learn about reviewing host logs, reviewing incident logs, log anomalies, log management, clipping levels, filtering, log consolidation, log retention, centralized logging (syslog and log aggregation), syslog, distributed log collectors, hosted logging services, configuring event sources (s-flow, NetFlow, sniffer), Cosco NetFlow.

What is an IP Flow, IP packet attributes, understanding network behavior, how to access the data produced by NetFlow, How does the router or switch determine which flows to export to the NetFlow collector server, format of the export data, sFlow.

event correlation systems (security, information, and event management (SIEM)), SIEM functions, compliance, enhanced network security and improved IT/security operations, and full packet capture.

In Source System, you will learn about comprehensive application, middleware, OS, and infrastructure monitoring, hyper capabilities, and operations manager. Analyze and Report Monitoring: In Security Analytics, Metrics, and Trends.

you will learn about security baseline, network security baseline, metrics and analysis (MA), systems security engineering capability maturity model (SSE-CMM), and potential metrics.

In visualization topic, you will learn about data visualization tools. In Event Data Analysis, you will learn about logs, log management, log management recommendations, and Potential uses of server log data. In Communication of Findings, you will learn about checklist for report writers and reviewers.

12 videos (Total 75 min), 12 readings, 1 quiz



4 hours to complete

Incident Response and Recovery

Module Topics: Preparation, Detection and Analysis, Containment, Eradication, and Recovery, Post-Incident Activity, Implementation of Countermeasures.

In Introduction, you will learn about incident response, and basic definitions. In preparation, you will learn about elements of an incident response policy, incident response plan, training, incident response tools, communication planning, communication with law enforcement, media, requirements for effective incident handling, the incident response team, core team areas, centralized and decentralized teams, team structure, team conditions that support success, and other considerations.

Detection and Analysis:

you will learn about Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), types of intrusion systems, intrusion detection techniques, false positives and false negatives, anti-malware systems, security information event management (SIEM), Incident analysis, packet sniffers, Inline SSL decryption devices, incident documentation, records, assessing risk, response, containment strategy considerations, Delaying containment, areas of focus, defining an incident, triage, and notification.

In Containment, Eradication, and Recovery, you will learn about common containment activities, and eradication.

In post-incident activity, you will learn about effective incident response. In implementation of Countermeasures, you will learn about implementation steps.

13 videos (Total 77 min), 13 readings, 1 quiz


  • WEEK5
  • 5 hours to completeUnderstand and Support Forensic Investigations & Business Continuity and Disaster Recovery PlanModule Topic: Forensic Investigations, Emergency Response Plans and Procedures, Disaster Recovery Planning, Interim or Alternate processing Strategies, Backup and Redundancy Implementation, System and Data Availability, Testing and Drills.
  • Understand and Support Forensic Investigations: In Forensic Investigations, you will learn about crime scene, live evidence, Locard’s principle, criminal behavior, incident response team, general guidelines, rules of thumb, evidence gathering, Hash algorithms, criminal charges, documentation, five rules of evidence, media analysis, network analysis, software analysis, author identification, content analysis, context analysis, hardware/embedded device analysis, NIST recommendations, and incident response.
  • Understand and Support Business Continuity Plan: In Emergency Response Plans and Procedures, you will learn about business continuity planning, establish a business continuity program, Business Impact Analysis (BIA), key concepts, maximum tolerable downtime (MTD), Recovery Time Objective (RTO), Recovery Point Objective (RPO), Financial and Nonfinancial impacts, stakeholder input, BIA completion process, BIA project stages, Identify critical IT resources, Identify disruption impacts, and development recovery priorities.
  • In Disaster Recovery Planning, you will learn about Identity types of potential disasters, assets, personnel considerations, and related documents.
  • In Interim or Alternate Processing Strategies, you will learn about cold site, warm site, hot site, multiple processing sites, and mobile sites.
  • In Backup and Redundancy Implementation, you will learn about full backup, differential backup, incremental backup, evaluating alternatives, Off-site storage, electronic vaulting, and remote journaling.
  • In System and Data Availability, you will learn about clustering, high-availability clustering, load-balancing clustering, redundant array of independent disks (RAID), data redundancy techniques, and RAID levels.
  • In Testing and Drills, you will learn about checklist test, structured walkthrough test, simulation testing, parallel testing, full interruption testing, and plan review and maintenance.
  • 18 videos (Total 106 min), 18 readings, 1 quizWEEK61 hour to completeCase StudyThis assignment is based on a case study that will require the student to put into practice the knowledge they have gained through the course.
  • It requires the basic understanding of the topics and the ability to relate those topics to the real world.
  • The objective of review is to determine whether the student has understood the concepts and has performed the necessary analysis to ensure a complete and thorough answer.
About the (ISC)² Systems Security Certified Practitioner (SSCP)

Pursue better IT security job opportunities and prove knowledge with confidence. The SSCP Professional Training Certificate shows employers you have the IT security foundation to defend against cyber attacks – and puts you on a clear path to earning SSCP certification.

Learn on your own schedule with 120-day access to content aligned with the latest (ISC)2 SSCP exam domains. We’re offering the complete online self-paced program for only $1,000 – a $200 savings when you get all domains bundled together.

3 Steps to Career Advancement

1. Register for the course

2. Gain access for 120 days

3. Register and sit for the SSCP certification exam.

Upon completing the SSCP Professional Certificate,

you will:

1. Complete six courses of preparing you to sit for the Systems Security Certified Practitioner (SSCP) certification exam as outlined below.

Course 1 – Access Controls

Course 2 – Security Operations and Administration

Course 3 – Risk Identification, Monitoring, and Analysis/Incident Response and Recovery

Course 4 – Cryptography

Course 5 – Network and Communication Security

Course 6 – Systems and Application Security

2. Receive a certificate of program completion.

3. Understand how to implement, monitor and administer an organization’s IT infrastructure in accordance with security policies and procedures that ensure data confidentiality, integrity and availability.

Start Learning Today

Taught by top companies and universitiesAffordable programsApply your skills with hands-on projectsLearn on your own scheduleCourse videos and readingsGraded quizzes and assignmentsNo degree or experience required for many programsShareable Certificate upon completion

4,026 already enrolledShareable on


You can share your Certificate in the Certifications section of your LinkedIn profile, on printed resumes, CVs, or other documents.

Get the course NOW!



No posts found!


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.