Security West 2013

San Diego, CA | Tue May 7 - Thu May 16, 2013

MGT535: Incident Response Team Management

  • 6 CPEs
  • Laptop Not Needed

This course will take you to the next level of managing an incident response team. Given the frequency and complexity of today's attacks, incident response has become a critical function for organizations. Detecting and efficiently responding to incidents, especially those where critical resources are exposed to elevated risks, has become paramount, and to be effective, incident response efforts must have strong management processes to facilitate and guide them. Managing an incident response team requires special skills and knowledge. A background in information security management or security engineering is not sufficient for managing incidents. Furthermore, incident responders with strong technical skills do not necessarily become effective incident response managers. Special training is necessary.

This course was developed by an information security professional with over 26 years of experience, much of it in incident response. He was the founder of the first U.S. government incident response team. Students will learn by applying course content through hands-on skill-building exercises. These exercises range from writing and evaluating incident response procedures, to table-top validation of procedures, to incident response management role playing and hands-on tracking of incident status in hypothetical scenarios.

  • Introduction to incident response
  • Establishing requirements
  • Setting up operations
  • Communications
  • Making operations work
  • Legal and regulatory issues
  • Training, education, and awareness

Course Syllabus

Instructor: Christopher Crowley
Schedule: Wed May 15th, 2013, 9:00 AM - 5:00 PM

Additional Information
 
  Who Should Attend

  • Information security engineers and managers
  • IT managers
  • Operations managers
  • Risk management professionals
  • IT/system administration/network administration professionals
  • IT auditors
  • Business continuity and disaster recovery staff
 
  What To Take Next?

  • SEC504: Hacker Techniques, Exploits, and Incident Handling
  • MGT512: SANS Security Leadership Essentials for Managers with Knowledge Compression
  • MGT514: IT Security Strategic Planning, Policies and Leadership
  • FOR408: Computer Forensic Investigations - Windows In-Depth

 

Author Statement

I've developed this course because of the critical importance of good management in incident response efforts. As management goes, so do these efforts. I've learned much about incident response management from having formed and managed incident response teams and from helping many organizations start or improve incident response efforts. I've taken the knowledge and skills I have gained and incorporated them into this course. - Eugene Schultz, Ph.D

Dr. Schultz passed away Oct 2, 2011. Stephen Northcutt was interim author for this course until March 2013, when I was asked to take lead for the course development. Incident Response Management is a dynamic and challenging endeavor fraught with high personnel turnover, rapid technology shifts, minimal funding, and a nearly impossible objective of defending an organization from every conceivable threat. Like Dr. Schultz, I managed incident response teams and created incident response capabilities where none existed before. Incident Response is the most challenging position to hold in Information Assurance, as you are the team that is called upon at the worst time, to fight the hardest battles. Through this course, I intend to equip each one of you to navigate difficult political environments, to understand complicated technology, to analyze the data and information technical staff provide, and to translate this information into business-relevant information that will make the organization more resilient for the long term. - Chris Crowley