Responding to incidents within a corporate organization is a stressful and critical responsibility. During an incident, incident response managers and their teams are watched, evaluated, and expected to lead. You do not want to be ill-prepared. This boot camp is intended to assist designated incident managers before an incident by providing hands-on experience and guidelines for the entire process of managing an incident. It covers situations that require response techniques, coordination, communication and decision making. By applying the experience gained in this boot camp and customizing it for your own environment, your organization will benefit from very efficient and controlled incident management, short resolution times, and increased organizational knowledge through lessons learned.
The attendees of this course will increase their knowledge and practical experience in the areas of Incident Response and Incident Management. After finishing the boot camp, the attendees will be able to:
Understand the phases and follow the steps in each phase during an incident response
Organize a fast, coherent and effective reaction to the incident
Identify key personnel required to achieve proper reaction and minimize time to recovery
Deliver a proper briefing to management so that the situation can be properly assessed within a very short time frame of several minutes
Document the incident for reporting and further follow-up with documentation as recommended by international standards
Properly manage time and resources under pressure
Who should attend?
Information Security Professionals who want to advance their security incident management experience and exercise the conditions of an incident without putting their organization in harm's way
IT Professionals who want to fill the gaps in their understanding and management of IT incidents and adopt proper reporting and resolution processes
Tactical level managers who want to advance their management capabilities in conditions of high stress and demands for fast resolution
Students who want to hone their skills in situation/incident management as preparation for a professional career in any high-stress, high-demand position
Operational personnel and operational level managers (heads of units/team leaders) in organizations that offer real-time services where any downtime results in costs and penalties
Anyone entering the fields of IT or information security management
Knowledge prerequisites
In order to successfully follow the boot camp, the attendees should have knowledge of the following topics:
Basic knowledge of business operations – Basic familiarity with business organization and chain of responsibility is preferable for all attendees, since incidents will affect the organization’s processes
Basic knowledge of IT services – Most incidents in a modern environment are related to IT services, so basic understanding of such services is expected from every incident manager
Knowledge of office tools (email, Word, Excel)
Incident Management Boot Camp Course Topics
Each topic is treated as a hands-on incident scenario. By following each scenario through to its resolution, the attendee gains practical expertise in incident management.
Scenario 1 - Incident occurs - Identify and report signs of an incident, take the first steps to control it, and establish a chain of custody so that no relevant information or evidence is lost or unreported
Scenario 2 - Incident broadens - Identify the incident and Contain the incident by executing containment and quarantine procedures to minimize the risk of the incident
Scenario 3 - Incident escalates - Identify the incident, Contain by executing containment processes and Eradicate by evaluating and remediating incurred damage: determine whether a process or system is compromised, rebuild the platforms if required, and if necessary move to a new architecture
Scenario 4 - Full size incident - Identify the incident, Contain by executing containment processes, Eradicate the compromised elements and perform controlled Recovery by determining who makes the decision to return to production, monitoring the system, and preparing for an increase in attacks
During all scenarios, the following additional aspects will be observed and exercised:
Preparation – identify the core team of incident responders, deploy appropriate instrumentation for your site and system, and create a set of tools to use as an Incident Response Kit
Incident Record Keeping - complete standardized pre-built forms to document and report the incident
Incident Follow-Up - conduct a lessons-learned meeting and define appropriate changes in process for the future; evaluate performance of the response team and identify possibilities for improvement