Category:C21 Incident response
Introduction
Within the C21 Incident response course, we will take a broad look at the threats targeting the modern enterprise in general and at how responding to those threats plays out in real-life scenarios. It is important to mention that we will focus mostly on the practical and applied aspects of incident response rather than on governance or policy. Thus we will approach these topics from the perspective of a SOC operations or system operations engineer or engineering lead, and look at them through the prism of the person responsible for the actual mitigation, as opposed to the policymaker's view of the topic. While policymaking issues will be covered and touched on during this course, practical and applied aspects remain the focus here, for both the lectures and the hands-on training classes.
We will start with an overview of the current threat landscape, regional specifics and the classification of threats targeting the modern enterprise. From there we will move on to the detection and discovery mechanisms, both technical and administrative, that are used to detect a threat. We will go through the most common detection and discovery tools and review the channels that provide detection and initial discovery information. From that point we will shift to tactics, and the tactical approach to responding to each threat classification: racing through conventional threat vectors and eventually concentrating most of the focus on APT response in particular. During the tactics session we will cover evidence preservation, root-cause and intrusion-path discovery, and mitigation strategies. Having covered the technical and tactical aspects, we will finish with the communications part, which may sound non-technical but plays a crucial, if not the most important, role in incident response. While communication may seem more of a front-office or communications-office business, it is important to understand that in pretty much any real-life incident response scenario, communication is the key to success or failure, no matter how good or bad the technical effort is.
The course will be divided into 4-5 lecture sessions, depending on the speed and progress we make while covering the topics mentioned above. For the hands-on part, the class will be divided into working groups simulating a real enterprise staff structure (communications department, SOC, system engineering