This course covers network defense and incident response methods, tactics, and procedures that are in alignment with industry frameworks such as NIST 800-61r2 (Computer Security Incident Handling Guide), US-CERT's National Cyber Incident Response Plan (NCIRP), and Presidential Policy Directive (PPD)-41 on Cyber Incident Coordination.
Your course package is designed to provide maximum learning and convenience. This is included in the price of your course:
Your expert instructor will get you ready for the following exam and certification, which are included in your course package and covered by the Certification guarantee.
You´ll have the perfect starting point for your training with these prerequisites:
- At least two years (recommended) of experience or education in computer network security technology or a related field.
- The ability or curiosity to recognize information security vulnerabilities and threats in the context of risk management.
- Foundational knowledge of the concepts and operational framework of common assurance safeguards in network environments. Safeguards include, but are not limited to, firewalls, intrusion prevention systems, and VPNs.
- General knowledge of the concepts and operational framework of common assurance safeguards in computing environments. Safeguards include, but are not limited to, basic authentication and authorization, resource permissions, and anti-malware mechanisms.
- Foundation-level skills with some of the common operating systems for computing environments.
- Entry-level understanding of some of the common concepts for network environments, such as routing and switching.
- General or practical knowledge of major TCP/IP networking protocols, including, but not limited to, TCP, IP, UDP, DNS, HTTP, ARP, ICMP, and DHCP.
Using our engaging learning methodology including a variety of tools, we’ll cover the entire curriculum.
This course is designed primarily for cybersecurity practitioners preparing for or who currently perform job functions related to protecting information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. It is ideal for those roles within federal contracting companies and private sector firms whose mission or strategic objectives require the execution of Defensive Cyber Operations (DCO) or DoD Information Network (DoDIN) operation and incident handling. This course focuses on the knowledge, ability, and skills necessary to provide for the defense of those information systems in a cybersecurity context, including protection, detection, analysis, investigation, and response processes.
In addition, the course ensures that all members of an IT team—regardless of size, rank, or budget—understand their role in the cyber defense, incident response, and incident handling process.
In this course, you will understand, assess, and respond to security threats and operate a system and network security analysis platform. You will:
- Compare and contrast various threats and classify threat profiles.
- Explain the purpose and use of attack methods and techniques.
- Explain the purpose and use of post-exploitation tools and tactics.
- Given a scenario, perform ongoing threat landscape research and use data to prepare for incidents.
- Explain the purpose and characteristics of various data sources.
- Given a scenario, use real-time data analysis to detect anomalies.
- Given a scenario, analyze common indicators of potential compromise.
- Given a scenario, use appropriate tools to analyze logs.
- Given a scenario, use appropriate containment methods or tools.
- Given a scenario, use appropriate asset discovery methods or tools.
- Given a scenario, use Windows tools to analyze incidents.
- Given a scenario, use Linux-based tools to analyze incidents.
- Given a scenario, execute the incident response process.
- Explain the importance of best practices in preparation for incident response.
- Identify applicable compliance, standards, frameworks, and best practices.
- Explain the importance of concepts that are unique to forensic analysis.
- Identify the common areas of vulnerability.
- Identify the steps of the vulnerability process.
The Virtual Classroom is an online forum, where you will join your instructor and fellow classmates in real time. Everything happens live and you can interact freely, discuss, ask questions, and watch your instructor present on a whiteboard, discuss the courseware and slides, work with labs, and review.
Your prereading sits in your personal space at readynez.com: My Readynez. Simply log in, find your course and start your preparations.
Your exam voucher is usually included in your virtual training package. When you´re ready to sit your exam, you just book it. You can sit most exams from home or at a local test centre. We’re here to help you with that process.