This four-day course, designed for computer security incident response team (CSIRT) and security operations center (SOC) technical personnel with several months of incident handling experience, addresses techniques for detecting and responding to current and emerging computer security threats and attacks.
Building on the methods and tools discussed in the Fundamentals of Incident Handling course, this course provides guidance that incident handlers can use in responding to complex threats and attacks, including persistent threats. Through interactive instruction, facilitated discussions, and group exercises, instructors help participants identify and analyze a set of events and then propose appropriate response strategies.
Participants work as a team throughout the week to handle a series of escalating incidents that are presented as part of an ongoing scenario. Work includes team analysis of information and presentation of findings and response strategies. Participants also review more advanced types of activities related to incident handling such as threat hunting; artifact and malware analysis; vulnerability handling; and publishing and communicating information.
This CERT incident handling course, which adds additional expertise for understanding incident handling and related practices and functions, can be used to prepare for the CERT-Certified Incident Handler Certification. Before registering for this course, participants are encouraged to attend the companion course, Fundamentals of Incident Handling.
Current computer security incident response team (CSIRT) and security operations center (SOC) technical staff with six or more months incident handling experience
This course will help participants to
Before registering for this course, it is recommended that participants attend the Fundamentals of Incident Handling course. It is also recommended that participants have the following: