Incident Detection and Response
Description
When cyber security controls are circumvented, an organisation must respond to the resulting cyber incident. Security operations personnel need the skills to systematically neutralise a threat. These steps include formal incident response preparation and planning, threat identification, containment and eradication measures, and the implementation of robust controls to mitigate future compromises.
This module explores the processes and tools needed to respond effectively to a detected threat. A structured Incident Detection and Response process assists cyber security professionals in proactively searching for threats; once a threat is detected, the same process ensures that it is analysed and neutralised. Information learned from this structured process ensures that cyber security professionals recognise the methods used by current and evolving threats. The module details the preparatory work that is required in advance, such as incident detection and response policy documentation, team structures and communication channels. These preparations ensure that detection and reporting structures exist, enabling an organisation to triage a threat and assess its criticality. Containment actions and threat analysis findings are reported back through the process, so that post-incident information aids further detection and strengthens the organisation's cyber defences.
Learning Outcomes
Integrate advanced theoretical knowledge in the development of Incident Detection and Response policies.
Independently evaluate and critically analyse data collection tools and platforms.
Apply currently accepted methodologies and frameworks for incident detection and response.
Integrate knowledge of malware forensics to identify and manage cyber threats.
Apply accepted methodologies for tackling design issues associated with threat remediation.
Critically evaluate Incident Detection and Response policies in industry-specific environments.