Description
This course provides an in-depth look to define the nature and scope of cyber security incident handling services, including intrusion/incident detection, damage control, service continuity, forensic analysis, service/data restoration, and incident reporting. Material covers policy, planning, operations, and technology issues involved in related cyber incident handling plans; i.e., Business Continuity, Disaster Recovery, and Continuity of Operations. Specific incident types addressed include, natural disasters, denial of service, malicious code, malicious misuse of hardware and firmware, unauthorized access, data compromise and inappropriate use, including insider attacks. Emphasis is given to the detection and analysis of infiltration and exfiltration techniques employed during cyber attacks, thus enabling the incident handler to detect low noise attacks, and to deconstruct particularly insidious attacks. Contains a lab component.