Secu2: Incident response

Everyone is talking about "cyberwar", industrial espionage and data theft. Once attacks have been detected, it is important to act in a considered and organized manner. We therefore offer a workshop that provides a basis for responding to IT security incidents.

Topics

Basic incident response procedure

  • 5-phase model
  • What is only possible internally? What can be outsourced?
  • Dos and don'ts (unknown tools, "blaming", etc.)

Preparation: Incident readiness

  • Basic tools
  • Personal preparation ("know your tools, know your procedures")
  • Organizational preparation
  • Technical preparation
  • Analysis of the existing network ("baselining", structure, etc.)

Attack detection

  • Working methods of hackers
  • Anti-forensic measures and what can still be seen
  • Warnings from third parties
  • IPS, SIEM, etc.

Attack analysis

  • Log files and protocols
  • Security tests and malware analysis
  • Identification of the attack vector
  • Forensic studies vs. triage: Consideration of individual analysis methods

Defensive measures and cleanup

  • Importance of people when protecting systems
  • Concentration on tools
  • Limits of IPS, SIEM, AV and firewall

"Lessons learned" and organizational structures

Attack patterns and analysis of exemplary attacks

  • "Know your enemy"
  • Phishing and classic Internet crime
  • Investigation and targeted attacks
  • OpSec and the interaction between IT security and other security
  • Analysis of exemplary attacks

Technical requirements

Basic knowledge of networks, forensics and Linux 

Duration

Three days

DO NOT HESITATE TO GET IN TOUCH +49 (0)7071 - 40 78 56-0 or anfrage@syss.de | OUTSIDE REGULAR OFFICE Hours CALL +49 (0)7071 - 40 78 56-99

As a framework contract customer please dial the provided on-call service number
