Security Incident Response Planning Training
Module 1 Introduction
What is threat modelling?
The need for incident response plans
Assess vulnerabilities in your environment
Establish routine monitoring and review of network traffic and system performance
Log analysis
Module 2 Incident Response Policy, Plan, and Procedure Creation
Creation of a CSIRT
Establish CSIRT team roles
Establish governing policy
Module 3 Initial assessment of incident
Attack vectors
What are false positives and false negatives?
Determine the nature of the attack
Identify the systems that have been compromised
Choosing a containment strategy
Module 4 Post-incident activity
Protect the evidence while restoring functionality
Recommendations and Lessons learned
Security incident report