Overview

The program provides a thorough overview of tasks, processes, procedures, escalation workflows and tools used by a Security Analyst/Incident Handler. Through use cases, examples, and hands-on exercises, participants investigate a variety of critical incident response scenarios. The instructional material emphasizes decision-making and prioritization with the goal of teaching the participants how to make an assessment in a short amount of time using security monitoring instrumentation, contextual analysis and correlation to indicators of network exploitation. participants develop a broader understanding of the role the SOC fulfills in the larger organization, including exposing them to the legal and regulatory compliance issues associated with incident response and assessing organizational risk.

Duration:

3 days (24 hours)

Course Objectives

Upon completing the program, participants should be able to:

• Outline sustainable and repeatable tasks, processes, procedures, escalation points and workflows of the Security Analyst/Incident Handler
• Ingest daily intelligence reports and preview shift logs
• Recognize the legal, corporate investigative responsibilities and compliance issues associated with incident responses
• Participate in risk analysis for central and distributed networks to include the impact of cloud based infrastructures as part of the SOC
• Review, triage, investigate and analyze escalated events and incidents from other analysts or IS groups during shift
• Monitor security events using all SOC data sources
• Investigate all incidents aligned to proper process, procedure and escalation points
• Prioritize incident response relative to threat severity, business context and activity volume
• Recommend, develop and implement remediation procedures
• Create an incident report with appropriate handoffs and closure
• Coordinate, de-conflict and align event and incident communication
• Support root cause analysis
• Prepare communication for executives and enterprise stakeholders

Who should attend

Security Analysts with 6-12 months of experience working in a Security Operations Center, Network Operation Center (NOC), Critical Incident Response Team (CIRT) or similar function.

Course outline

1.     Tools & Tasks of an Incident Handler

• List the tasks, processes, procedures and escalation points of a level two security analyst
• Identify the tools used by the level two security analyst
• Provide examples of the types of incidents handled by the level two security analyst
• Ingest daily intelligence reports & previous shift logs for efficient operation handoffs, escalations & transitions

2.     Participate in Regulatory Compliance

• Define security compliance
• Describe the types of compliance standards
• Outline the steps to become compliant with a standard
• Distinguish a security program from a compliance program
• Outline what happens during a compliance audit
• Identify the responsibilities of a security analyst for a security audit

3.     Contribute to Risk Assessment & Mitigation

• Monitor security control to mitigate risk
• Participate in risk analysis for central & distributed networks
• List organizational assets protected by the SOC
• Assess vulnerabilities of assets

4.      Investigate an Incident

• Investigate all escalated incidents
• Summarize the steps required to create a malware analysis environment
• Explore the tools included in the program’s malware analysis environment
• Respond to an Incident
• Escalate incident as required

5.     Prioritize Incident Response Recommending Remediation

• Recommend remediation to operations & make recommendations to appropriate department after each incident

6.     Address After-Action Items

• Create an incident report
• Derive & incorporate threat intelligence from incident
• Root cause analysis

7.     Prepare Executive-Level Communication

• Prepare a brief to senior management
• Summarize incident to Operations