Coursera

  • Arts et humanitésChevron Right
  • BusinessChevron Right
  • InformatiqueChevron Right
  • Science des donnéesChevron Right
  • Technologies de l'informationChevron Right
  • Sciences de la vieChevron Right
  • Mathématiques et logiqueChevron Right
  • Développement personnel
  • Sciences physiques et ingénierieChevron Right
  • Sciences socialesChevron Right
  • Apprentissage des languesChevron Right
  • Diplômes et CertificatsChevron Right
  • Explorez l'intégralité de Coursera
Loupe Copy
  • Parcourir
  • Rechercher
  • For Enterprise
  • Connexion
  • S'inscrire

Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery

Vue d'ensemblePrévisualiserFAQCréateursTarificationNotation et examens
Page d'accueilTechnologies de l'informationSécurité

Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery

(ISC)²

À propos de ce cours : Risk Identification, Monitoring, and Analysis: In the Risk Identification, Monitoring, and Analysis session, you will learn how to identify, measure, and control losses associated with adverse events. You will review, analyze, select, and evaluate safeguards for mitigating risk.You will learn processes for collecting information, providing methods of identifying security events, assigning priority levels, taking the appropriate actions, and reporting the findings to the correct individuals. After collection of the details from monitoring, we can analyze to determine if the system is being operated in accordance with accepted industry practices, and in compliance with organization policies and procedures. Incident Response and Recovery: In the Incident Response and Recovery Session, you will gain an understanding of how to handle incidents using consistent, applied approaches in order to resolve. Once an incident is identified, action will be necessary in order to resolve. We will examine processes such as damage recovery, data integrity and preservation, and the collection, handling, reporting, and prevention. You will be introduced to the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) concepts and how they can be utilized in order to mitigate damages, recover business operations, and avoid critical business interruption. Through the use of the DRP, you will understand the procedures for emergency response and post-disaster recovery. Course Objectives 1. Describe the risk management process 2. Perform security assessment activities 3. Describe processes for operating and maintaining monitoring systems 4. Identify events of interest 5. Describe the various source systems 6. Interpret reporting findings from monitoring results 7. Describe the incident handling process 8. Contribute to the incident handling process based upon role within the organization 9. Describe the supporting role in forensics investigation processes 10. Describe the supporting role in the business continuity planning process 11. Describe the supporting role in the disaster recovery planning process

Créé par :  (ISC)²
(ISC)²
  • (ISC)² Education & Training

    Enseigné par :  (ISC)² Education & Training

    Education & Training
Informations de base
Cours 3 de 6 dans (ISC)² Systems Security Certified Practitioner (SSCP) Specialization
NiveauDébutant
Langue
English
Comment réussirRéussissez tous les devoirs notés pour terminer le cours.
Prévisualiser
Programme de cours
SEMAINE 1
Understand the Risk Management Process
Module Topic: Risk Visibility and Reporting, Risk management Concepts, Risk Assessment, Risk Treatment, Audit Findings. In Risk visibility and Reporting, you will learn about risk register, creating a risk register, risk register, and risk management steps. In Risk Management Concepts, you will learn about, key terms, and generic risk model with key factors - NIST SP 800-30 R1. In risk Assessment, you will learn about NIST SP 800- 30 R1 risk assessment methodology, Step 1. prepare for the assessment, Step 2. conduct the assessment, Step 2a. identify threat sources, step 2b. identify potential threat events, step 2c. identify vulnerabilities and predisposing conditions, step 2d. determine likelihood, step 2e. determine impact, step 2f. risk determination, risk level matrix, risk levels, step 3. communicating and sharing risk assessment information, step 4. maintaining the risk assessment, and risk assessment activity. In Risk Treatment, you will learn about, risk mitigation, example control: passwords, control selection, residual risk, risk transference, risk avoidance, and risk acceptance. In audit Findings, you will learn about auditors, types of audits, audit methodologies, auditor responsibilities, audit scope, documentation, and response to audit.
Stacked File
14 vidéos, 14 lectures
  1. Discussion Prompt: Today's Risk
  2. Vidéo: Risk Management Process: Risk Visibility and Reporting
  3. Reading: Risk Management Process: Risk Visibility and Reporting
  4. Vidéo: Risk Management Process: Creating a Risk Register
  5. Reading: Risk Management Process: Creating a Risk Register
  6. Vidéo: Risk Management Process: Risk Register Risk Management Steps
  7. Reading: Risk Management Process: Risk Register Risk Management Steps
  8. Vidéo: Risk Management Process: Key Terms
  9. Reading: Risk Management Process: Key Terms
  10. Vidéo: Risk Management Process: Key Terms
  11. Reading: Risk Management Process: Key Terms
  12. Vidéo: Risk Management Process: Risk Assessment
  13. Reading: Risk Management Process: Risk Assessment
  14. Vidéo: Risk Management Process: Preparation Steps
  15. Reading: Risk Management Process: Preparation Steps
  16. Vidéo: Risk Management Process: Step 2b
  17. Reading: Risk Management Process: Step 2b
  18. Vidéo: Risk Management Process: Quantitative Analysis
  19. Reading: Risk Management Process: Quantitative Analysis
  20. Vidéo: Risk Management Process: Qualitative Analysis
  21. Reading: Risk Management Process: Qualitative Analysis
  22. Vidéo: Risk Management Process: Step 3
  23. Reading: Risk Management Process: Step 3
  24. Vidéo: Risk Management Process: Risk Treatment
  25. Reading: Risk Management Process: Risk Treatment
  26. Vidéo: Risk Management Process: Risk Avoidance
  27. Reading: Risk Management Process: Risk Avoidance
  28. Vidéo: Risk Management Process: Type of Audits
  29. Reading: Risk Management Process: Type of Audits
  30. Discussion Prompt: Discussion: Identifying Risk
Graded AssignmentNoté: Quiz 1
SEMAINE 2
Perform Security Assessment Activities
Module Topics: Participate in Security and Test Results, Penetration Testing. In Participate in Security and Test Results, you will learn about vulnerability scanning and analysis, vulnerability testing software categories, vulnerability testing qualities, potential problems, host scanning, host security considerations, traffic types, security gateway types, wireless networking testing, potential security issues, searching for rogue access points, locking down the enterprise, wireless tools, war dialing, and war driving. In Penetration Testing you will learn about penetration testing modes, white box / hat, gray box / hat, black box / hat, phase 1: preparation, reporting, phase 2: reconnaissance and network mapping techniques, reconnaissance, social engineering and low-tech reconnaissance, whois attacks, DNS zone transfers, network mapping, network mapping techniques, firewalking, basic built-in tools, phase 3: information evaluation and risk analysis, phase 4: active penetration, phase 5: analysis and reporting, penetration testing high-level steps.
Stacked File
11 vidéos, 11 lectures
  1. Vidéo: Security Assessment Activities: Participate in Security and Test Results
  2. Reading: Security Assessment Activities: Participate in Security and Test Results
  3. Vidéo: Security Assessment Activities: Potential Problems
  4. Reading: Security Assessment Activities: Potential Problems
  5. Vidéo: Assessment Activities: Security Gateway Types
  6. Reading: Assessment Activities: Security Gateway Types
  7. Vidéo: Security Assessment Activities: Potential Security Issues
  8. Reading: Security Assessment Activities: Potential Security Issues
  9. Vidéo: Security Assessment Activities: Penetration Testing
  10. Reading: Security Assessment Activities: Penetration Testing
  11. Vidéo: Security Assessment Activities: White Box / Hat
  12. Reading: Security Assessment Activities: White Box / Hat
  13. Vidéo: Security Assessment Activities: Reconnaissance
  14. Reading: Security Assessment Activities: Reconnaissance
  15. Vidéo: Security Assessment Activities: DNS Zone Transfers
  16. Reading: Security Assessment Activities: DNS Zone Transfers
  17. Vidéo: Security Assessment Activities: Network Mapping Techniques
  18. Reading: Security Assessment Activities: Network Mapping Techniques
  19. Vidéo: Security Assessment Activities: Firewalking
  20. Reading: Security Assessment Activities: Firewalking
  21. Vidéo: Security Assessment Activities: Active Penetration
  22. Reading: Security Assessment Activities: Active Penetration
  23. Discussion Prompt: Discussion: Benefits of Security Investment
Graded AssignmentNoté: Quiz 2
SEMAINE 3
Operate and Maintain Monitoring Systems & Analyze and Report Monitoring Results
Module Topics: Events of Interest, Logging, source Systems, Security Analytics, metrics, and Trends, Visualization, Event Data Analysis, Communication of Findings. In Events of Interest you will learn about, monitoring terminology, Intrusion Detection System (IDS)/Intrusion Prevention System (IPS), comparing IDS and IPS, types of IDS/IPS devices, deploying HIDS and NIDS, implementation issues for monitoring, monitoring control, other considerations, sample questions to consider, collecting data for incident response, monitoring response techniques, attackers, attacker motivations, intrusions, events, types of monitoring, and file integrity checkers, continuous/compliance monitoring. In Logging, you will learn about reviewing host logs, reviewing incident logs, log anomalies, log management, clipping levels, filtering, log consolidation, log retention, centralized logging (syslog and log aggregation), syslog, distributed log collectors, hosted logging services, configuring event sources (s-flow, NetFlow, sniffer), Cosco NetFlow, What is an IP Flow, IP packet attributes, understanding network behavior, how to access the data produced by NetFlow, How does the router or switch determine which flows to export to the NetFlow collector server, format of the export data, sFlow, event correlation systems (security, information, and event management (SIEM)), SIEM functions, compliance, enhanced network security and improved IT/security operations, and full packet capture. In Source System, you will learn about comprehensive application, middleware, OS, and infrastructure monitoring, hyper capabilities, and operations manager. Analyze and Report Monitoring: In Security Analytics, Metrics, and Trends, you will learn about security baseline, network security baseline, metrics and analysis (MA), systems security engineering capability maturity model (SSE-CMM), and potential metrics. In visualization topic, you will learn about data visualization tools. In Event Data Analysis, you will learn about logs, log management, log management recommendations, and Potential uses of server log data. In Communication of Findings, you will learn about checklist for report writers and reviewers.
Stacked File
12 vidéos, 12 lectures
  1. Vidéo: Monitoring Systems: Monitoring Terminology
  2. Reading: Monitoring Systems: Monitoring Terminology
  3. Vidéo: Monitoring Systems: IDS/IPS
  4. Reading: Monitoring Systems: IDS/IPS
  5. Vidéo: Monitoring Systems: Implementation Issues for Monitoring
  6. Reading: Monitoring Systems: Implementation Issues for Monitoring
  7. Vidéo: Maintain Monitoring Systems: Sample Questions
  8. Reading: Maintain Monitoring Systems: Sample Questions
  9. Vidéo: Maintain Monitoring Systems: Attacker Motivations
  10. Reading: Maintain Monitoring Systems: Attacker Motivations
  11. Vidéo: Maintain Monitoring Systems: Logging
  12. Reading: Maintain Monitoring Systems: Logging
  13. Vidéo: Maintain Monitoring Systems: Log Anomalies
  14. Reading: Maintain Monitoring Systems: Log Anomalies
  15. Vidéo: Maintain Monitoring Systems: Log Retention
  16. Reading: Maintain Monitoring Systems: Log Retention
  17. Vidéo: Monitoring Systems: Compliance
  18. Reading: Monitoring Systems: Compliance
  19. Vidéo: Monitoring Results: Security Baseline
  20. Reading: Monitoring Results: Security Baseline
  21. Vidéo: Monitoring Results: SSE-CMM
  22. Reading: Monitoring Results: SSE-CMM
  23. Vidéo: Monitoring Results: Potential Uses of Server Log Data
  24. Reading: Monitoring Results: Potential Uses of Server Log Data
  25. Discussion Prompt: Discussion: key Areas
Graded AssignmentNoté: Quiz 3
SEMAINE 4
Incident Response and Recovery
Module Topics: Preparation, Detection and Analysis, Containment, Eradication, and Recovery, Post-Incident Activity, Implementation of Countermeasures. In Introduction, you will learn about incident response, and basic definitions. In preparation, you will learn about elements of an incident response policy, incident response plan, training, incident response tools, communication planning, communication with law enforcement, media, requirements for effective incident handling, the incident response team, core team areas, centralized and decentralized teams, team structure, team conditions that support success, and other considerations. In Detection and Analysis, you will learn about Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), types of intrusion systems, intrusion detection techniques, false positives and false negatives, anti-malware systems, security information event management (SIEM), Incident analysis, packet sniffers, Inline SSL decryption devices, incident documentation, records, assessing risk, response, containment strategy considerations, Delaying containment, areas of focus, defining an incident, triage, and notification. In Containment, Eradication, and Recovery, you will learn about common containment activities, and eradication. In post-incident activity, you will learn about effective incident response. In implementation of Countermeasures, you will learn about implementation steps.
Stacked File
13 vidéos, 13 lectures
  1. Vidéo: Incident Handling: Incident Response
  2. Reading: Incident Handling: Incident Response
  3. Vidéo: Incident Handling: Preparation
  4. Reading: Incident Handling: Preparation
  5. Vidéo: Incident Handling: Training
  6. Reading: Incident Handling: Training
  7. Vidéo: Incident Handling: Communication Planning
  8. Reading: Incident Handling: Communication Planning
  9. Vidéo: Incident Handling: The Incident Response Team
  10. Reading: Incident Handling: The Incident Response Team
  11. Vidéo: Incident Handling: IDS and IPS
  12. Reading: Incident Handling: IDS and IPS
  13. Vidéo: Incident Handling: Intrusion Detection Techniques
  14. Reading: Incident Handling: Intrusion Detection Techniques
  15. Vidéo: Incident Handling: Anti-Malware Systems
  16. Reading: Incident Handling: Anti-Malware Systems
  17. Vidéo: Incident Handling: Packet Sniffers
  18. Reading: Incident Handling: Packet Sniffers
  19. Vidéo: Incident Handling: SSL Decryption Devices
  20. Reading: Incident Handling: SSL Decryption Devices
  21. Vidéo: Incident Handling: Records
  22. Reading: Incident Handling: Records
  23. Vidéo: Incident Handling: Delaying Containment
  24. Reading: Incident Handling: Delaying Containment
  25. Vidéo: Incident Handling: Containment, Eradication, and Recovery
  26. Reading: Incident Handling: Containment, Eradication, and Recovery
Graded AssignmentNoté: Quiz 4
SEMAINE 5
Understand and Support Forensic Investigations & Business Continuity and Disaster Recovery Plan
Module Topic: Forensic Investigations, Emergency Response Plans and Procedures, Disaster Recovery Planning, Interim or Alternate processing Strategies, Backup and Redundancy Implementation, System and Data Availability, Testing and Drills. Understand and Support Forensic Investigations: In Forensic Investigations, you will learn about crime scene, live evidence, Locard's principle, criminal behavior, incident response team, general guidelines, rules of thumb, evidence gathering, Hash algorithms, criminal charges, documentation, five rules of evidence, media analysis, network analysis, software analysis, author identification, content analysis, context analysis, hardware/embedded device analysis, NIST recommendations, and incident response. Understand and Support Business Continuity Plan: In Emergency Response Plans and Procedures, you will learn about business continuity planning, establish a business continuity program, Business Impact Analysis (BIA), key concepts, maximum tolerable downtime (MTD), Recovery Time Objective (RTO), Recovery Point Objective (RPO), Financial and Nonfinancial impacts, stakeholder input, BIA completion process, BIA project stages, Identify critical IT resources, Identify disruption impacts, and development recovery priorities. In Disaster Recovery Planning, you will learn about Identity types of potential disasters, assets, personnel considerations, and related documents. In Interim or Alternate Processing Strategies, you will learn about cold site, warm site, hot site, multiple processing sites, and mobile sites. In Backup and Redundancy Implementation, you will learn about full backup, differential backup, incremental backup, evaluating alternatives, Off-site storage, electronic vaulting, and remote journaling. In System and Data Availability, you will learn about clustering, high-availability clustering, load-balancing clustering, redundant array of independent disks (RAID), data redundancy techniques, and RAID levels. In Testing and Drills, you will learn about checklist test, structured walkthrough test, simulation testing, parallel testing, full interruption testing, and plan review and maintenance.
Stacked File
18 vidéos, 18 lectures
  1. Vidéo: Forensic Investigation: Crime Scene
  2. Reading: Forensic Investigation: Crime Scene
  3. Vidéo: Forensic Investigation: General Guidelines
  4. Reading: Forensic Investigation: General Guidelines
  5. Vidéo: Forensic Investigation: Hash Algorithms
  6. Reading: Forensic Investigation: Hash Algorithms
  7. Vidéo: BCP and DRP: Emergency Response
  8. Reading: BCP and DRP: Emergency Response
  9. Vidéo: BCP and DRP: Comparing BCP and DRP
  10. Reading: BCP and DRP: Comparing BCP and DRP
  11. Vidéo: BCP and DRP: Business Impact Analysis
  12. Reading: BCP and DRP: Business Impact Analysis
  13. Vidéo: BCP and DRP: Recovery Time Objective
  14. Reading: BCP and DRP: Recovery Time Objective
  15. Vidéo: BCP and DRP: BIA
  16. Reading: BCP and DRP: BIA
  17. Vidéo: BCP and DRP: Business Continuity Activity
  18. Reading: BCP and DRP: Business Continuity Activity
  19. Vidéo: BCP and DRP: Disaster Recovery Planning
  20. Reading: BCP and DRP: Disaster Recovery Planning
  21. Vidéo: BCP and DRP: Related Documents
  22. Reading: BCP and DRP: Related Documents
  23. Vidéo: BCP and DRP: Multiple Processing Sites
  24. Reading: BCP and DRP: Multiple Processing Sites
  25. Vidéo: BCP and DRP: Backup and Redundancy Implementation
  26. Reading: BCP and DRP: Backup and Redundancy Implementation
  27. Vidéo: BCP and DRP: Off-Site Storage
  28. Reading: BCP and DRP: Off-Site Storage
  29. Vidéo: BCP and DRP: RAID Levels
  30. Reading: BCP and DRP: RAID Levels
  31. Vidéo: BCP and DRP: RAID Levels
  32. Reading: BCP and DRP: RAID Levels
  33. Vidéo: BCP and DRP: Testing and Drills
  34. Reading: BCP and DRP: Testing and Drills
  35. Vidéo: BCP and DRP: Full Interruption Testing
  36. Reading: BCP and DRP: Full Interruption Testing
Graded AssignmentNoté: Quiz 5
SEMAINE 6
Case Study
This assignment is based on a case study that will require the student to put into practice the knowledge they have gained through the course. It requires the basic understanding of the topics and the ability to relate those topics to the real world. The objective of review is to determine whether the student has understood the concepts and has performed the necessary analysis to ensure a complete and thorough answer.
    Graded AssignmentNoté: Risk Response Recovery and Incident Management Case Study
    SEMAINE 7
    Exam
    Stacked File
    1 lecture
    1. Reading: SSCP Exam Information
    Graded AssignmentNoté: End-of-Course Exam

    FAQ
    Comment cela fonctionne
    Coursework
    Coursework

    Each course is like an interactive textbook, featuring pre-recorded videos, quizzes and projects.

    Help from Your Peers
    Help from Your Peers

    Connect with thousands of other learners and debate ideas, discuss course material, and get help mastering concepts.

    Certificates
    Certificates

    Earn official recognition for your work, and share your success with friends, colleagues, and employers.

    Créateurs
    (ISC)²
    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)2 offers a portfolio of credentials that are part of a holistic, programmatic approach to security. www.isc2.org
    Tarification
    Acheter le cours
    Accéder au contenu du cours

    Disponible

    Accéder au contenu noté

    Disponible

    Recevoir une Note Finale

    Disponible

    Obtenir un Certificat de Cours partageable

    Disponible

    Notation et examens
    Note moyenne 5 sur 5 sur 2 notes


    Coursera
    Coursera propose un accès universel à la meilleure formation au monde, en partenariat avec des universités et des organisations du plus haut niveau, pour proposer des cours en ligne.
    © 2018 Coursera Inc. Tous droits réservés.
    Télécharger dans l'App StoreDisponible sur Google Play
    • Coursera
    • À propos
    • Direction
    • Carrières
    • Catalogue
    • Certificats
    • Diplômes
    • pour l'entreprise
    • For Government
    • Communauté
    • partenaires
    • Mentors
    • Traducteurs
    • Développeurs
    • Testeurs bêta
    • Se connecter
    • Blog
    • Facebook
    • LinkedIn
    • Twitter
    • Google+
    • Blog Tech
    • Plus
    • Conditions
    • Confidentialité
    • Aide
    • Accessibilité
    • Presse
    • Contact
    • Répertoire
    • Filiales