Incident Management
This course addresses the most important elements of Incident Management, presenting and analyzing the most frequent attack scenarios. An information security management framework is presented, including preparatory actions and incident identification, containment, mitigation and response measures. Moreover, the course deals with organizational and management aspects such as creating an incident response team, obtaining and organizing necessary resources, and budgetary considerations within the context of the current regulatory framework and according to the most up-to-date Incident Management guidelines.
AIMS
The course describes the structure and composition of a CSIRT (Computer Security Incident Response Team), how to create such a team given organizational constraints and using existing resources, and the placement of CSIRT members within the company in terms of roles and responsibilities and their interactions with figures both within and outside of the organization.
Reference is made to how internal policy is established, implemented and updated.
One of the goals of this course is to set forth the necessary response procedures, reviewing both their methodological and practical-technical aspects in order to resolve an incident as fast as possible while ensuring that its impact is effectively contained.
The course touches on different elements in log management such as the identification, collection and analysis of code sources. With the help of case studies, participants can practice filling out the documentation that is necessary in the event of an incident.
Moreover, the course deals with legal aspects and the regulatory framework in force at the national level, with particular emphasis on those sections of Criminal and Civil Law that are applicable to computer crime.
The new tool used for incident management, DFLabs Incident Manager (IMAN), is IODEF compliant. The DFLabs IncMan Suite contains the IMAN module.
Duration of IMAN training: 2 days










