Class Details

Price: $1,635

2-Day Course Includes:

  • Exam Voucher 
  • Class exercises in addition to training instruction
  • Courseware books, notepads, pens, highlighters and other materials
  • Course retake option
  • Full breakfast with variety of bagels, fruits, yogurt, doughnuts and juice
  • Tea, coffee, and soda available throughout the day
  • Freshly baked cookies every afternoon - *only at participating locations


Course Outline

Overview of Incident Response and Handling

  • Statistics on Cyber Incidents
  • Computer Security (CS)
  • Business Assets – Information
  • Classifying Data
  • Common Terms
  • Information Warfare
  • Key Theories for Information Security
  • Vulnerability, Threat, and Attack
  • CS Incident Types and Examples
  • Incidents and Disaster Recovery Plans
  • Common Signals of an Incident
  • Low, Middle and High Level Categories of Incidents
  • Prioritization
  • Response and Handling
  • Technologies for Disaster Recovery
  • Virtualization’s Impact
  • Incident Costs
  • Reporting
  • Vulnerability Resources

Risk Assessments

  • Overview of Risk
  • Policies and Assessment
  • Method for Risk Assessment by NIST
  • Assessing Workplace Risk
  • Strategies for Analyzing and Mitigating Risk
  • Cost/Benefit Analysis
  • Method for Control Implementation by NIST
  • Residual Risk
  • Tools for Managing Risk

Steps for Incident Response and Handling

  • Identifying and Handling an Incident
  • Need for and Goals of Incident Response
  • Creating an Effective Plan for Incident Response
  • 17 Steps for Incident Response and Handling
  • Training and Creating Awareness
  • Security Training and Awareness Checklist
  • Managing Incidents
  • Incident Response Team
  • Interrelationship Between Incident Response, Handling, and Management
  • Common Best Practices and Policy
  • Creating a Checklist
  • RTIR – Incident Handling System
  • RPIER – 1st Responder Framework

CSIRT

  • Computer Security Incident Response Team (CSIRT)
  • Purpose of an IRT
  • Goals, Strategy and Vision of a CSIRT
  • CSIRT – Common Names
  • Mission Statement
  • Constituency and CSIRT’s Place within an Organization
  • Peer Relationship
  • Environment Types for CSIRT
  • Creating a CSIRT
  • Team Roles
  • Services, Policies and Procedures
  • Handling a Case and the Incident Report Form
  • Techniques for Tracking and Reporting
  • CERT
  • CERT-CC
  • CERT(R) Coordination Center: Incident Reporting Form
  • CERT:OCTAVE
  • World CERTs
  • IRTs Around the World

Handling Incidents with Network Security

  • DoS and DDoS Incidents
  • Detecting a DoS Attack
  • Preparing for a DoS Attack and How to Handle It
  • Incidents of Unauthorized Access
  • Incidents of Inappropriate Usage
  • Incidents with Many Components
  • Tools for Monitoring Network Traffic
  • Tools for Auditing the Network
  • Network Protection Tools

Malicious Code Incidents

  • Malware Samples Count
  • Viruses, Worms, Trojans and Spyware
  • Preparing for Incident Handling
  • Incident Prevention
  • Detection of Malware
  • Creating a Strategy for Containment
  • Gathering and Handling Evidence
  • Eradication and Recovery
  • Recommendations
  • Antivirus Systems

Insider Threats

  • Overview and Anatomy of an Insider Attack
  • Risk Matrix
  • Detecting and Responding to Insider Threats
  • Insider’s Incident Response Plan
  • Common Guidelines for Threat Detection and Prevention
  • Tools for Monitoring Employees

Forensic Analysis and Incident Response

  • Computer Forensics
  • Objectives and Role of Forensic Analysis
  • Forensic Readiness and Business Continuity
  • Forensic Types
  • Computer Forensic Investigators and the Investigation Process
  • Overview and Characteristics of Digital Evidence
  • Overview and Challenges of Collecting Evidence
  • Forensic Policy
  • Forensics in the IS Life Cycle
  • Guidelines and Tools for Forensic Analysis

Incident Reporting

  • Overview of Incident Reporting and Why You Should Report Any Incidents
  • Why Many Organizations Don’t Report
  • Creating the Report and Where to Send It
  • Preliminary Reporting Form
  • CERT Incident Reference Numbers
  • Incorporating Contact Information
  • Host Summary and Activity Description
  • Log Extracts
  • Time Zone
  • Incident Categories
  • Organizations to Report Computer Incidents To
  • Guidelines to Follow
  • Sample Reporting Forms

Incident Recovery

  • Overview of Incident Recovery and Common Principles
  • Steps for Recovery
  • Contingency and Continuity of Operations Planning
  • Business Continuity Planning
  • Incident Recovery Plans and the Planning Process

Security Laws and Policies

  • Introduction to and the Key Pieces of a Security Policy
  • Common Policy Goals and Characteristics
  • Designing and Implementing a Security Policy
  • Acceptable Use Policy (AUP)
  • Access and Asset Control Policies
  • Audit Trail
  • Logging
  • Documenting
  • Collecting and Preserving Evidence
  • Information Security
  • NIACAP Policy
  • Physical Security Guidelines and Policies
  • Personnel Security Guidelines and Policies
  • Law and Incident Handling
  • Laws and Acts
  • IP Laws

Class Exam

Details:

  • Code: 212-89
  • Number of Questions: 50
  • Passing Score: 70%
  • Duration: 2 hours
  • Format: multiple choice
  • Delivery: Prometric and Pearson VUE

Objectives:

  • Introduction to Incident Response and Handling
  • Risk Assessment
  • Incident Response and Handling Steps
  • CSIRT
  • Handling Network Security Incidents
  • Handling Malicious Code Incidents
  • Handling Insider Threats
  • Forensic Analysis and Incident Response
  • Incident Reporting
  • Incident Recovery
  • Security Policies and Laws

Phoenix TS is an authorized testing center for Prometric and Pearson VUE exams. Register for exams by contacting us or visiting the Pearson VUE and Prometric websites. 

Register for Class

Date | Location
03/04/19 - 03/05/19, 2 days, 8:30AM – 4:30PM | Tysons Corner, VA
03/11/19 - 03/12/19, 2 days, 8:30AM – 4:30PM | Columbia, MD
03/11/19 - 03/12/19, 2 days, 8:30AM – 4:30PM | Online
09/03/19 - 09/04/19, 2 days, 8:30AM – 4:30PM | Tysons Corner, VA
09/10/19 - 09/11/19, 2 days, 8:30AM – 4:30PM | Columbia, MD
09/10/19 - 09/11/19, 2 days, 8:30AM – 4:30PM | Online