Complete Guide to Incident Response for Security Analysts

سرفصل های دوره

This course is for security professionals who want to learn how to handle cyber incidents effectively. Instructor Liam Cleary covers the fundamental principles of incident response, which include preparation, detection, analysis, containment, eradication, recovery, and post-incident activities. The course emphasizes the application of popular platforms like Microsoft Defender and Sentinel through demonstrations. Liam also covers the integration of open-source tools to provide a well-rounded approach.

Explore strategies for containing cybersecurity threats, with topics such as network segmentation, endpoint protection, and automation for rapid threat mitigation. Learn about the importance of thorough cleaning, system restoration, and enhanced security measures for returning to normal operations after an attack. Liam also explains legal and regulatory compliance, effective communication during incidents, and the crucial role of leadership in crisis management.

01 - Introduction

01 - Handle security incidents like a pro

02 - 1. Introduction to Incident Response

01 - Overview of incident response

02 - Incident response lifecycle

03 - Roles and responsibilities

04 - Understanding cyber threats

05 - Tools and resources

03 - 2. Preparing for Incident Response

01 - Incident response planning

02 - Building an incident response toolkit

03 - Threat intelligence in incident response

04 - Incident response training and awareness

05 - Simulations and tabletop exercises

04 - 3. Detection and Analysis

01 - Introduction to detection with Microsoft Defender

02 - Creating detection rules within Microsoft Defender

03 - Advanced threat detection techniques

04 - Log management and SIEM

05 - Setting up log management in Sentinel

06 - Incident analysis and prioritization

07 - Leveraging open-source tools for detection and analysis

05 - 4. Containment Strategies

01 - Containment fundamentals

02 - Using Microsoft Defender for containment

03 - Implementing containment with Microsoft Defender

04 - Network segmentation and isolation techniques

05 - Endpoint containment strategies

06 - Legal and ethical considerations in containment

06 - 5. Eradication and Recovery

01 - Eradication techniques

02 - Recovery planning with Microsoft tools

03 - Post-incident recovery

04 - Disaster recovery planning

05 - Business continuity planning

06 - Lessons learned

07 - Post-incident reporting

07 - 6. Incident Response Techniques

01 - Hunting with Microsoft Sentinel

02 - Hunting for threats within Microsoft Sentinel

03 - Automating responses with playbooks in Sentinel

04 - Using playbooks with Sentinel

05 - Dive into forensic analysis

06 - Dealing with advanced persistent threats (APTs)

07 - Integrating AI and machine learning

08 - 7. Regulatory Compliance and Legal Issues

01 - Understanding compliance requirements

02 - Incident reporting obligations

03 - Working with law enforcement

04 - Data privacy and security

05 - Cyber insurance and incident response

09 - 8. Communication During Incidents

01 - Internal communication strategies

02 - Communicating with stakeholders

03 - Crisis communication plans

04 - Documentation and reporting

05 - Feedback loops and continuous improvement

06 - Role of leadership during incidents

10 - 9. Using Cloud Platforms for Incident Response

01 - Cloud security and incident response

02 - Microsoft Azure security features for incident response

03 - Understanding cloud and on-premises tool integration

04 - Cloud forensics and investigation techniques

11 - Conclusion

01 - Next steps

439,000 تومان

افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: LinkedIn Learning (Lynda)