MGT535: Incident Response Team Management

  • 6 CPEs
  • Laptop Not Needed

This course discusses the often-neglected topic of managing an incident response team. Given the frequency and complexity of today's cyber attacks, incident response is a critical function for organizations. Incident response is the last line of defense.

Detecting and efficiently responding to incidents requires strong management processes, and managing an incident response team requires special skills and knowledge. A background in information security management or security engineering is not sufficient for managing incidents. On the other hand, incident responders with strong technical skills do not necessarily become effective incident response managers. Special training is necessary.

This course was originally developed by Dr. Eugene Schultz, the founder of the first U.S. government incident response team and an information security professional with over 26 years of experience. The course has been updated to address current issues such as advanced persistent threat, incident response in the cloud, and threat intelligence. Students will learn by applying course content through hands-on, skill-building exercises that include evaluating incident response procedures, table-top validation of procedures, incident response management role-playing in hypothetical scenarios, and hands-on experience in tracking incident status in hypothetical scenarios.

You Will Learn:

  • Fundamentals of incident response
  • How to establish requirements
  • How to set up operations
  • Communications
  • How to make operations work
  • Legal and regulatory issues
  • Training, education, and awareness

Course Syllabus
Course Contents
  MGT535.1: Incident Response Team Management

CPE/CMU Credits: 6

Topics
  • Developing incident handling capabilities
  • Navigating executive management
  • Winning friends and convincing constituents of your incident response capabilities
  • Legal issues
  • Addressing the technical needs of performing incident response in a complex and sometimes unfamiliar environment.
 
Additional Information
 
  Who Should Attend
  • Information security engineers and managers
  • IT managers
  • Operations managers
  • Risk management professionals
  • IT/system administration/network administration professionals
  • IT auditors
  • Business continuity and disaster recovery staff
 
  Prerequisites

No specific prerequisites are required for this course, but knowledge of technical terms is beneficial and will facilitate participation in class discussions. Prior to attending the course, it would be useful to gather statistics from your organization such as those listed below:

  • Incidents per month
  • Average time to detection
  • Lost devices per quarter
  • Average cost per incident
  • Annual expenditure on loss-prevention capabilities

 
 
  What You Will Receive
  • Course book
 
  Hands-on Training
  • Table-top validation of procedures
  • Incident response management role-playing in hypothetical scenarios
  • Tracking incident status in hypothetical scenarios
 
  Press & Reviews

"Since I am fresh out of college this was a definite eye opener. This course was very valuable in that it gives a view of most tools available for auditing networks." - Ryan Awai, SANS student

"Valuable information to take back to work with me, as well as hands-on testing examples." - Carol Jones, SANS student

 

Author Statement

I have developed this course because of the critical importance of good management in incident response efforts. As management goes, so do these efforts. I have learned much about incident response management from having formed and managed incident response teams and from helping many organizations start or improve incident response efforts. I have taken the knowledge and skills I have gained and incorporated them into this course.

- Eugene Schultz, Ph.D. (Dr. Schultz passed away on October 2, 2011)

Incident response management is a dynamic and challenging endeavor fraught with high personnel turnover, rapid technology shifts, minimal funding, and a nearly impossible objective of defending an organization from every conceivable threat. Like Dr. Schultz, I managed incident response teams and created incident response capabilities where none existed before. Incident response is the most challenging position to hold in Information Assurance, as you are the team that is called upon at the worst time, to fight the hardest battles. Through this course, I intend to equip each one of you to navigate difficult political environments, understand complicated technology, analyze the data and information provided by technical staff, and translate this information into business-relevant information that will make the organization more resilient for the long term.

- Chris Crowley

*CPE/CMU credits not offered for the SelfStudy delivery method

Type | Topic | Course / Location / Instructor | Date
Training Event | Management | SANS 2015, Orlando, FL | Apr 11, 2015 - Apr 18, 2015
SelfStudy | Management | Online | Anytime
Onsite | All | OnSite Course of Your Choice | Your Choice

*Course contents may vary depending upon location, see specific event description for details.