
Incident Handler (ECIH and GCIH Prep)

Author: Dale Meredith


ECIH and GCIH

It’s not a matter of “if”, but rather “when” an attack is going to happen. With so many threats and vulnerabilities in today's infrastructures, creating an impenetrable framework is nearly impossible. No matter what you know or do, the hard truth is there's no guaranteed way to stop an attacker from penetrating your organization.

In this series, you will learn what is needed to help keep your network more secure by being proactive and aware of what is happening in your environment. Next, you will learn what to do when your system or device has been targeted. When you are finished with this course, you will know how to respond to incidents and mitigate security threats.

1

Assessing and Mitigating Security Risks

by Dale Meredith

Dec 9, 2016 / 3h 14m

Beginner • 3h 14m

Description

With so many threats and vulnerabilities in today's infrastructures, creating an impregnable framework is nearly impossible. Therefore, it is every IT security professional's responsibility to make important decisions and take action to best safeguard data and assets. In this course, Assessing and Mitigating Security Risks, you will gain an understanding of risk management and how it can enable thoughtful and focused defense strategies. First, you will learn about the landscape, what risk assessment is, and how it can be conducted successfully. Next, you will learn about mitigation and controls. Finally, you will delve into tools and resources that can help your company get a jump start on protecting your network. When you are finished with this course, you will have the knowledge necessary to respond to incidents and mitigate those security threats.

Table of contents
  1. Course Overview
    1m 58s
  2. What's the Landscape Like?
    1h 4s
  3. What Is Risk Assessment?
    29m 35s
  4. Successful Risk Assessments
    44m 26s
  5. Mitigation and Controls
    26m 17s
  6. Tools and Tips
    31m 43s
2

Performing Incident Response and Handling

by Dale Meredith

Jan 24, 2018 / 5h 19m

Beginner • 5h 19m

Description

It’s not a matter of “if”, but rather “when” an attack is going to happen. No matter what you know or do, the hard truth is there's no guaranteed way to stop an attacker from penetrating your organization. Once you’ve accepted that an attack will be unavoidable, your job now becomes "How do I respond to these situations?". This is where the role of an "Incident Responder" comes into play. What do you do when a system or device has been targeted? Well, that depends on the incident itself. In this course, Performing Incident Response and Handling, you'll start by making sure that you and your organization are prepared by learning about each of the security policies that you should have in place to clarify and focus everyone on the importance of keeping your resources secure. First, you'll learn about the actual process of detecting incidents and how to respond to them. Next, you'll explore the actual workflow steps that every security professional should follow to make sure you are consistent with all incidents that are currently affecting you as well as future ones. Finally, you'll dive into some of the more common incidents that take place in your networks by looking at how to handle and respond to issues like a DoS, a Session Hijack, or even Malicious Code. By the end of this course, you'll understand what is needed to help keep your network more secure by being more proactive and aware of what's happening in your environment.

Table of contents
  1. Course Overview
    3m 30s
  2. Preparing for Incident Response and Handling
    49m 6s
  3. Incident Response Processes
    43m 20s
  4. The Workflow of Incident Response
    40m 52s
  5. Networks and Host Attacks
    59m 11s
  6. Service and Application Attacks
    1h 10m 17s
  7. Malicious Code and Insider Threats
    53m
3

Preparing for and Executing Incident Recovery

by Dale Meredith

Mar 19, 2018 / 3h 24m

Beginner • 3h 24m

Description

Cybersecurity investigations are used to determine what events, changes, and other actions have happened on a device, who or what performed them, and what data is stored there. In this course, Preparing for and Executing Incident Recovery, you'll learn how to conduct an investigation, eradicate the incident, and build out your own CSI (Cyber-Security Investigator) Jump-Bag. First, you'll learn how to be ready to conduct your own forensic investigations. Next, you'll learn what computer forensic techniques are used in a variety of scenarios, including police investigations, system misuse, compromise and malware analysis, and investigations related to internal policy violations. Then, you'll learn how to create your own forensics kit, what it contains, and how to use these devices and tools. Finally, you'll be shown some forensic suites and tools that provide what you'll need to capture and preserve forensic data and to perform forensic investigations. By the end of this course, you will have discovered and developed new skills to tackle many cyber-security scenarios.

Table of contents
  1. Course Overview
    2m 43s
  2. Your Objectives Here
    42m 11s
  3. What Should Be in Your “Jump-bag”?
    28m 43s
  4. What About the Digital “Jump-bag”
    45m 44s
  5. Understanding the Incident Recovery Process
    33m 9s
  6. The Techniques of Recovery: Containment
    11m 45s
  7. The Techniques of Recovery: Eradication
    13m 42s
  8. The Techniques of Recovery: Validation and Corrective Actions
    11m 52s
  9. That’s a Wrap
    14m 57s

What you will learn

  • Given a network-based threat, how to implement or recommend the appropriate response and countermeasure
  • Analyzing threat data or behavior to determine the impact of an incident
  • Communicating best practices and procedures during the incident response process
  • Summarizing the incident recovery and post-incident response process
  • Conducting forensic investigations
  • Using tools and resources to protect your network
  • Estimating cost of an incident
  • Identifying network security incidents
  • Reacting to insider attacks
  • Employing tools and evidence to determine the kind of malware used in an attack (rootkits, Trojans, and backdoors), and then choosing proper defenses and response tactics
  • Gauging an attacker's techniques that were used to gain access to a system and/or networks and then using that information to anticipate and thwart future attacks

Pre-requisites

Experience managing Windows/Unix/Linux systems. An understanding of common network and security services. A strong desire to understand hacker tools and techniques. A basic understanding of the Windows/Linux Command Line.