SF – Cyber Security Incident Handling and Response
Cybersecurity (CREST)

Course Overview

This comprehensive 3-day course is designed to equip participants with the essential skills and knowledge needed for effective cyber security incident handling and response. Ideal for professionals looking to enhance their incident management capabilities, this course prepares attendees to tackle a wide range of security incidents as well as the CPIA (CREST Practitioner Intrusion Analyst) Exam.

  • Duration: 3 days

Description

Learning Objectives

Upon completion of this course, participants will be able to:

  • Establish a robust incident response plan by defining the scope and context of incidents.
  • Implement security by design principles to enhance overall system resilience.
  • Develop and deploy effective incident response strategies tailored to various types of security incidents.
  • Integrate digital forensics practices into the incident response process for better evidence collection and analysis.
  • Manage and respond to specific incidents, including malware attacks, email security breaches, network vulnerabilities, web application threats, cloud security issues, and insider threats.
  • Design performance metrics to evaluate the effectiveness of incident response efforts and continuously improve processes.



Who Should Attend?

  • Aspiring incident response team members in information security
  • Practitioners seeking CREST Registration
  • System administrators handling attacks
  • Incident handlers wanting to learn about Digital Forensics
  • Government departments aiming to enhance security team skills
  • Law enforcement officers expanding investigative expertise
  • Information security managers updating on current techniques
  • Individuals interested in a career in Intrusion Analysis or Digital Forensics, meeting prerequisites


Prerequisites & Exams

Recommended Prerequisites:

A minimum of diploma-level education is recommended.


Before attending this course, students must:

  • Demonstrate familiarity with basic operating system and networking concepts



Certification Exam

The CPIA (CREST Practitioner Intrusion Analyst) has no prerequisite exam but is the prerequisite to the CRIA (CREST Registered Intrusion Analyst) exam.


The CPIA exam is an entry-level exam that tests a candidate’s knowledge in assessing fundamental aspects of Incident Response below that of the CRIA qualification. This includes administration and incident management, the core technical skills required to deal with an incident, Information Gathering, Network and Host Intrusion knowledge and Malware Analysis to a basic level.


CPIA validates a practitioner’s knowledge of Incident Response beyond terminology. Successful CPIA candidates will be able to demonstrate that they are qualified for hands-on Incident Response roles (indicative of 2 years’ experience) with respect to:

  • Soft Skills and Incident Handling

  • Core Technical Skills
  • Background Information Gathering and Open Source
  • Network Intrusion Analysis
  • Analyzing Host Intrusions
  • Malware Analysis/Reverse Engineering


Number of Questions: 120

Duration: 2 Hours

Format: Multiple choice questions

Location: Pearson Vue Testing Center


Passing Score

Successful candidates must score 60% of the available marks. That is:

– at least 72 marks from the written component (possible total: 120 marks)



Course Outline

Day 01

1. Introduction to Incident Handling and Response

  • 1.1. Review of Enterprise Governance and Business Continuity
  • 1.2. Review Threat Intelligence
  • 1.3. Overview of Incident Response Frameworks

2. Incident Handling and Response Process

  • 2.1. Define the scope and Context for Incident Response Plan
  • 2.2. Security By Design
  • 2.3. Deployment and Implementation

3. Forensic Readiness and First Response

  • 3.1. Introduction to Digital Forensics
  • 3.2. Forensics Readiness
  • 3.3. Digital Forensic and Incident Response


Day 02

4. Handling and Responding to Malware Incidents

  • 4.1. Dynamic Application Review
  • 4.2. Static Application Review
  • 4.3. Critical Areas of Assessment

5. Handling and Responding to Email Security Incidents

  • 5.1. Define the Scope and Objectives of the Incident Response Plan related to Email Security Incidents
  • 5.2. Design and Develop Incident Response Plan
  • 5.3. Define Performance Metrics Guidelines

6. Handling and Responding to Network Security Incidents

  • 6.1. Define the Scope and Objectives of the Incident Response Plan related to Network Security Incidents
  • 6.2. Design and Develop Incident Response Plan
  • 6.3. Define Performance Metrics Guidelines
  • 6.4. Critical Area of Assessment


Day 03

7. Handling and Responding to Web Application Security Incidents

  • 7.1. Define the Scope and Objectives of the Incident Response Plan related to Web Application Security Incidents
  • 7.2. Design and Develop Incident Response Playbook
  • 7.3. Define Performance Metrics Guidelines
  • 7.4. Critical Area of Assessment

8. Handling and Responding to Cloud Security Incidents

  • 8.1. Define the Scope and Objectives of the Incident Response Plan related to Email Cyber Attacks
  • 8.2. Design and Develop Incident Response Playbook
  • 8.3. Define Performance Metrics Guidelines
  • 8.4. Critical Area of Assessment

9. Handling and Responding to Insider Threats Incidents

  • 9.1. Define the Scope and Objectives of the Incident Response Plan related to Insider Threat Security Incidents
  • 9.2. Design and Develop Incident Response Playbook
  • 9.3. Define Performance Metrics Guidelines
  • 9.4. Critical Area of Assessment