Incident Response (INRE-201)



Incident Response (INRE-201)

This is a closed class. It requires a contract. On-site for 22 people.

Days: 5 Days Labs: Yes –Local Cyber Range

Type of Course: Advanced Security / Technical

Prerequisite skills: CYBER-101 or equivalent 

About this course: Provides all of the essential skills for an incident responder to prepare for an incident, find the needles in the network haystack to confirm that an incident is occurring, and respond in a timely manner to close the gap and protect the organization from further harm. Maps to NICE Protect and Defend specialty areas responsible for the identification, analysis, and mitigation of threats to internal IT systems or networks. Incident Response focuses on how to respond to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats.

Goals: Students work through practical exercises by designing an incident plan for one of their key systems, analyzing network traffic with malicious activity, performing basic host analysis, and writing an incident report. Follow-on course: Incident Response Skills Development. Prerequisite: Introduction to Cybersecurity.

Topics: Mitigation, preparedness, response and recovery approaches maximizing survival of life, preservation of property, and information security. Investigation and analysis of relevant response activities. Essential principles for implementing protective and detective technologies, policy, procedure, and regulation, recognizing attack types, developing and deploying countermeasures, analyzing system and network activity from malicious software, and communication skills.

Methods of instruction: There are 8 different possible exercises that can be used in a module. Some examples include: threats and controls, case studies, risk analysis practice, and reading review. Technical labs will require basic skills in operating systems and virtualization. As soon as students become too comfortable, the instructor will switch methods.

Students are expected to have basic experience in the areas of networking and DoD Cybersecurity as well as knowledge of related Cybersecurity policies and procedures.  Course support DISA responsibilities in DoD Cybersecurity Discipline Implementation Plan, DoD I 8551.01, the STIG’s and NIST SP800-53. The course covers topics in NICCS / NICE and ARTEP.