À propos de ce cours : Risk Identification, Monitoring, and Analysis: In the Risk Identification, Monitoring, and Analysis session, you will learn how to identify, measure, and control losses associated with adverse events. You will review, analyze, select, and evaluate safeguards for mitigating risk.You will learn processes for collecting information, providing methods of identifying security events, assigning priority levels, taking the appropriate actions, and reporting the findings to the correct individuals. After collection of the details from monitoring, we can analyze to determine if the system is being operated in accordance with accepted industry practices, and in compliance with organization policies and procedures. Incident Response and Recovery: In the Incident Response and Recovery Session, you will gain an understanding of how to handle incidents using consistent, applied approaches in order to resolve. Once an incident is identified, action will be necessary in order to resolve. We will examine processes such as damage recovery, data integrity and preservation, and the collection, handling, reporting, and prevention. You will be introduced to the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) concepts and how they can be utilized in order to mitigate damages, recover business operations, and avoid critical business interruption. Through the use of the DRP, you will understand the procedures for emergency response and post-disaster recovery. Course Objectives 1. Describe the risk management process 2. Perform security assessment activities 3. Describe processes for operating and maintaining monitoring systems 4. Identify events of interest 5. Describe the various source systems 6. Interpret reporting findings from monitoring results 7. Describe the incident handling process 8. Contribute to the incident handling process based upon role within the organization 9. Describe the supporting role in forensics investigation processes 10. Describe the supporting role in the business continuity planning process 11. Describe the supporting role in the disaster recovery planning process

Créé par : (ISC)²

Enseigné par : (ISC)² Education & Training
Education & Training

0

Informations de base	Cours 3 de 6 dans (ISC)² Systems Security Certified Practitioner (SSCP) Specialization
Niveau	Beginner
Langue	English
Comment réussir	Réussissez tous les devoirs notés pour terminer le cours.

Prévisualiser

Programme de cours

SEMAINE 1

Understand the Risk Management Process

Module Topic: Risk Visibility and Reporting, Risk management Concepts, Risk Assessment, Risk Treatment, Audit Findings. In Risk visibility and Reporting, you will learn about risk register, creating a risk register, risk register, and risk management steps. In Risk Management Concepts, you will learn about, key terms, and generic risk model with key factors - NIST SP 800-30 R1. In risk Assessment, you will learn about NIST SP 800- 30 R1 risk assessment methodology, Step 1. prepare for the assessment, Step 2. conduct the assessment, Step 2a. identify threat sources, step 2b. identify potential threat events, step 2c. identify vulnerabilities and predisposing conditions, step 2d. determine likelihood, step 2e. determine impact, step 2f. risk determination, risk level matrix, risk levels, step 3. communicating and sharing risk assessment information, step 4. maintaining the risk assessment, and risk assessment activity. In Risk Treatment, you will learn about, risk mitigation, example control: passwords, control selection, residual risk, risk transference, risk avoidance, and risk acceptance. In audit Findings, you will learn about auditors, types of audits, audit methodologies, auditor responsibilities, audit scope, documentation, and response to audit.

14 vidéos, 14 lectures

Discussion Prompt: Today's Risk
Reading: Risk Management Process: Risk Visibility and Reporting
Vidéo: Risk Management Process: Creating a Risk Register
Reading: Risk Management Process: Creating a Risk Register
Vidéo: Risk Management Process: Risk Register Risk Management Steps
Reading: Risk Management Process: Risk Register Risk Management Steps
Vidéo: Risk Management Process: Key Terms
Reading: Risk Management Process: Key Terms
Vidéo: Risk Management Process: Key Terms
Reading: Risk Management Process: Key Terms
Vidéo: Risk Management Process: Risk Assessment
Reading: Risk Management Process: Risk Assessment
Vidéo: Risk Management Process: Preparation Steps
Reading: Risk Management Process: Preparation Steps
Vidéo: Risk Management Process: Step 2b
Reading: Risk Management Process: Step 2b
Vidéo: Risk Management Process: Quantitative Analysis
Reading: Risk Management Process: Quantitative Analysis
Vidéo: Risk Management Process: Qualitative Analysis
Reading: Risk Management Process: Qualitative Analysis
Vidéo: Risk Management Process: Step 3
Reading: Risk Management Process: Step 3
Vidéo: Risk Management Process: Risk Treatment
Reading: Risk Management Process: Risk Treatment
Vidéo: Risk Management Process: Risk Avoidance
Reading: Risk Management Process: Risk Avoidance
Vidéo: Risk Management Process: Type of Audits
Reading: Risk Management Process: Type of Audits
Discussion Prompt: Discussion: Identifying Risk

Noté: Quiz 1

SEMAINE 2

Perform Security Assessment Activities

Module Topics: Participate in Security and Test Results, Penetration Testing. In Participate in Security and Test Results, you will learn about vulnerability scanning and analysis, vulnerability testing software categories, vulnerability testing qualities, potential problems, host scanning, host security considerations, traffic types, security gateway types, wireless networking testing, potential security issues, searching for rogue access points, locking down the enterprise, wireless tools, war dialing, and war driving. In Penetration Testing you will learn about penetration testing modes, white box / hat, gray box / hat, black box / hat, phase 1: preparation, reporting, phase 2: reconnaissance and network mapping techniques, reconnaissance, social engineering and low-tech reconnaissance, whois attacks, DNS zone transfers, network mapping, network mapping techniques, firewalking, basic built-in tools, phase 3: information evaluation and risk analysis, phase 4: active penetration, phase 5: analysis and reporting, penetration testing high-level steps.

11 vidéos, 11 lectures

Reading: Security Assessment Activities: Participate in Security and Test Results
Vidéo: Security Assessment Activities: Potential Problems
Reading: Security Assessment Activities: Potential Problems
Vidéo: Assessment Activities: Security Gateway Types
Reading: Assessment Activities: Security Gateway Types
Vidéo: Security Assessment Activities: Potential Security Issues
Reading: Security Assessment Activities: Potential Security Issues
Vidéo: Security Assessment Activities: Penetration Testing
Reading: Security Assessment Activities: Penetration Testing
Vidéo: Security Assessment Activities: White Box / Hat
Reading: Security Assessment Activities: White Box / Hat
Vidéo: Security Assessment Activities: Reconnaissance
Reading: Security Assessment Activities: Reconnaissance
Vidéo: Security Assessment Activities: DNS Zone Transfers
Reading: Security Assessment Activities: DNS Zone Transfers
Vidéo: Security Assessment Activities: Network Mapping Techniques
Reading: Security Assessment Activities: Network Mapping Techniques
Vidéo: Security Assessment Activities: Firewalking
Reading: Security Assessment Activities: Firewalking
Vidéo: Security Assessment Activities: Active Penetration
Reading: Security Assessment Activities: Active Penetration
Discussion Prompt: Discussion: Benefits of Security Investment

Noté: Quiz 2

SEMAINE 3

Operate and Maintain Monitoring Systems & Analyze and Report Monitoring Results

Module Topics: Events of Interest, Logging, source Systems, Security Analytics, metrics, and Trends, Visualization, Event Data Analysis, Communication of Findings. In Events of Interest you will learn about, monitoring terminology, Intrusion Detection System (IDS)/Intrusion Prevention System (IPS), comparing IDS and IPS, types of IDS/IPS devices, deploying HIDS and NIDS, implementation issues for monitoring, monitoring control, other considerations, sample questions to consider, collecting data for incident response, monitoring response techniques, attackers, attacker motivations, intrusions, events, types of monitoring, and file integrity checkers, continuous/compliance monitoring. In Logging, you will learn about reviewing host logs, reviewing incident logs, log anomalies, log management, clipping levels, filtering, log consolidation, log retention, centralized logging (syslog and log aggregation), syslog, distributed log collectors, hosted logging services, configuring event sources (s-flow, NetFlow, sniffer), Cosco NetFlow, What is an IP Flow, IP packet attributes, understanding network behavior, how to access the data produced by NetFlow, How does the router or switch determine which flows to export to the NetFlow collector server, format of the export data, sFlow, event correlation systems (security, information, and event management (SIEM)), SIEM functions, compliance, enhanced network security and improved IT/security operations, and full packet capture. In Source System, you will learn about comprehensive application, middleware, OS, and infrastructure monitoring, hyper capabilities, and operations manager. Analyze and Report Monitoring: In Security Analytics, Metrics, and Trends, you will learn about security baseline, network security baseline, metrics and analysis (MA), systems security engineering capability maturity model (SSE-CMM), and potential metrics. In visualization topic, you will learn about data visualization tools. In Event Data Analysis, you will learn about logs, log management, log management recommendations, and Potential uses of server log data. In Communication of Findings, you will learn about checklist for report writers and reviewers.

12 vidéos, 12 lectures

Reading: Monitoring Systems: Monitoring Terminology
Vidéo: Monitoring Systems: IDS/IPS
Reading: Monitoring Systems: IDS/IPS
Vidéo: Monitoring Systems: Implementation Issues for Monitoring
Reading: Monitoring Systems: Implementation Issues for Monitoring
Vidéo: Maintain Monitoring Systems: Sample Questions
Reading: Maintain Monitoring Systems: Sample Questions
Vidéo: Maintain Monitoring Systems: Attacker Motivations
Reading: Maintain Monitoring Systems: Attacker Motivations
Vidéo: Maintain Monitoring Systems: Logging
Reading: Maintain Monitoring Systems: Logging
Vidéo: Maintain Monitoring Systems: Log Anomalies
Reading: Maintain Monitoring Systems: Log Anomalies
Vidéo: Maintain Monitoring Systems: Log Retention
Reading: Maintain Monitoring Systems: Log Retention
Vidéo: Monitoring Systems: Compliance
Reading: Monitoring Systems: Compliance
Vidéo: Monitoring Results: Security Baseline
Reading: Monitoring Results: Security Baseline
Vidéo: Monitoring Results: SSE-CMM
Reading: Monitoring Results: SSE-CMM
Vidéo: Monitoring Results: Potential Uses of Server Log Data
Reading: Monitoring Results: Potential Uses of Server Log Data
Discussion Prompt: Discussion: key Areas

Noté: Quiz 3

SEMAINE 4

Incident Response and Recovery

Module Topics: Preparation, Detection and Analysis, Containment, Eradication, and Recovery, Post-Incident Activity, Implementation of Countermeasures. In Introduction, you will learn about incident response, and basic definitions. In preparation, you will learn about elements of an incident response policy, incident response plan, training, incident response tools, communication planning, communication with law enforcement, media, requirements for effective incident handling, the incident response team, core team areas, centralized and decentralized teams, team structure, team conditions that support success, and other considerations. In Detection and Analysis, you will learn about Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), types of intrusion systems, intrusion detection techniques, false positives and false negatives, anti-malware systems, security information event management (SIEM), Incident analysis, packet sniffers, Inline SSL decryption devices, incident documentation, records, assessing risk, response, containment strategy considerations, Delaying containment, areas of focus, defining an incident, triage, and notification. In Containment, Eradication, and Recovery, you will learn about common containment activities, and eradication. In post-incident activity, you will learn about effective incident response. In implementation of Countermeasures, you will learn about implementation steps.

13 vidéos, 13 lectures

Reading: Incident Handling: Incident Response
Vidéo: Incident Handling: Preparation
Reading: Incident Handling: Preparation
Vidéo: Incident Handling: Training
Reading: Incident Handling: Training
Vidéo: Incident Handling: Communication Planning
Reading: Incident Handling: Communication Planning
Vidéo: Incident Handling: The Incident Response Team
Reading: Incident Handling: The Incident Response Team
Vidéo: Incident Handling: IDS and IPS
Reading: Incident Handling: IDS and IPS
Vidéo: Incident Handling: Intrusion Detection Techniques
Reading: Incident Handling: Intrusion Detection Techniques
Vidéo: Incident Handling: Anti-Malware Systems
Reading: Incident Handling: Anti-Malware Systems
Vidéo: Incident Handling: Packet Sniffers
Reading: Incident Handling: Packet Sniffers
Vidéo: Incident Handling: SSL Decryption Devices
Reading: Incident Handling: SSL Decryption Devices
Vidéo: Incident Handling: Records
Reading: Incident Handling: Records
Vidéo: Incident Handling: Delaying Containment
Reading: Incident Handling: Delaying Containment
Vidéo: Incident Handling: Containment, Eradication, and Recovery
Reading: Incident Handling: Containment, Eradication, and Recovery

Noté: Quiz 4

SEMAINE 5

Understand and Support Forensic Investigations & Business Continuity and Disaster Recovery Plan

Module Topic: Forensic Investigations, Emergency Response Plans and Procedures, Disaster Recovery Planning, Interim or Alternate processing Strategies, Backup and Redundancy Implementation, System and Data Availability, Testing and Drills. Understand and Support Forensic Investigations: In Forensic Investigations, you will learn about crime scene, live evidence, Locard's principle, criminal behavior, incident response team, general guidelines, rules of thumb, evidence gathering, Hash algorithms, criminal charges, documentation, five rules of evidence, media analysis, network analysis, software analysis, author identification, content analysis, context analysis, hardware/embedded device analysis, NIST recommendations, and incident response. Understand and Support Business Continuity Plan: In Emergency Response Plans and Procedures, you will learn about business continuity planning, establish a business continuity program, Business Impact Analysis (BIA), key concepts, maximum tolerable downtime (MTD), Recovery Time Objective (RTO), Recovery Point Objective (RPO), Financial and Nonfinancial impacts, stakeholder input, BIA completion process, BIA project stages, Identify critical IT resources, Identify disruption impacts, and development recovery priorities. In Disaster Recovery Planning, you will learn about Identity types of potential disasters, assets, personnel considerations, and related documents. In Interim or Alternate Processing Strategies, you will learn about cold site, warm site, hot site, multiple processing sites, and mobile sites. In Backup and Redundancy Implementation, you will learn about full backup, differential backup, incremental backup, evaluating alternatives, Off-site storage, electronic vaulting, and remote journaling. In System and Data Availability, you will learn about clustering, high-availability clustering, load-balancing clustering, redundant array of independent disks (RAID), data redundancy techniques, and RAID levels. In Testing and Drills, you will learn about checklist test, structured walkthrough test, simulation testing, parallel testing, full interruption testing, and plan review and maintenance.

18 vidéos, 18 lectures

Reading: Forensic Investigation: Crime Scene
Vidéo: Forensic Investigation: General Guidelines
Reading: Forensic Investigation: General Guidelines
Vidéo: Forensic Investigation: Hash Algorithms
Reading: Forensic Investigation: Hash Algorithms
Vidéo: BCP and DRP: Emergency Response
Reading: BCP and DRP: Emergency Response
Vidéo: BCP and DRP: Comparing BCP and DRP
Reading: BCP and DRP: Comparing BCP and DRP
Vidéo: BCP and DRP: Business Impact Analysis
Reading: BCP and DRP: Business Impact Analysis
Vidéo: BCP and DRP: Recovery Time Objective
Reading: BCP and DRP: Recovery Time Objective
Vidéo: BCP and DRP: BIA
Reading: BCP and DRP: BIA
Vidéo: BCP and DRP: Business Continuity Activity
Reading: BCP and DRP: Business Continuity Activity
Vidéo: BCP and DRP: Disaster Recovery Planning
Reading: BCP and DRP: Disaster Recovery Planning
Vidéo: BCP and DRP: Related Documents
Reading: BCP and DRP: Related Documents
Vidéo: BCP and DRP: Multiple Processing Sites
Reading: BCP and DRP: Multiple Processing Sites
Vidéo: BCP and DRP: Backup and Redundancy Implementation
Reading: BCP and DRP: Backup and Redundancy Implementation
Vidéo: BCP and DRP: Off-Site Storage
Reading: BCP and DRP: Off-Site Storage
Vidéo: BCP and DRP: RAID Levels
Reading: BCP and DRP: RAID Levels
Vidéo: BCP and DRP: RAID Levels
Reading: BCP and DRP: RAID Levels
Vidéo: BCP and DRP: Testing and Drills
Reading: BCP and DRP: Testing and Drills
Vidéo: BCP and DRP: Full Interruption Testing
Reading: BCP and DRP: Full Interruption Testing

Noté: Quiz 5

SEMAINE 6

Case Study

This assignment is based on a case study that will require the student to put into practice the knowledge they have gained through the course. It requires the basic understanding of the topics and the ability to relate those topics to the real world. The objective of review is to determine whether the student has understood the concepts and has performed the necessary analysis to ensure a complete and thorough answer.

Noté: Risk Response Recovery and Incident Management Case Study

SEMAINE 7

Exam

1 lecture

Reading: SSCP Exam Information

Noté: End-of-Course Exam

FAQ

Puis-je prévisualiser un cours avant de m'inscrire ?

Quand aurai-je accès aux vidéos de cours et aux devoirs ?

À quoi ai-je droit une fois inscrit(e) ?

Que dois-je faire si j'ai besoin de plus de temps pour terminer le cours ?

Quand recevrai-je mon Certificat de Cours ?

Quelle est la politique de remboursement ?

How long does it take to complete the course?

Comment cela fonctionne

Coursework

Each course is like an interactive textbook, featuring pre-recorded videos, quizzes and projects.

Help from Your Peers

Connect with thousands of other learners and debate ideas, discuss course material, and get help mastering concepts.

Certificates

Earn official recognition for your work, and share your success with friends, colleagues, and employers.

Créateurs

(ISC)²

(ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)2 offers a portfolio of credentials that are part of a holistic, programmatic approach to security. www.isc2.org

Tarification

	Acheter le cours
Accéder au contenu du cours	Disponible
Accéder au contenu noté	Disponible
Recevoir une Note Finale	Disponible
Obtenir un Certificat de Cours partageable	Disponible

Notation et examens

Note moyenne 5 sur 5 sur 1 notes

Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery

Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery