Applied Cybersecurity, Incident Response and Forensics
This five-day hands-on course is designed to increase the knowledge and skills of technical staff charged with administering and securing information systems and networks. Security topics such as vulnerability assessment, systems administration, network monitoring, incident response, and digital forensics will offer a comprehensive defense-in-depth experience. Each participant will have direct administrative access to a wide variety of networked systems (Windows, Linux and Cisco), which will be modified and instrumented throughout the course. Instruction will consist of individual labs and team-based exercises modeled from real-world threat scenarios.
The course will begin with a review of host and network system hardening concepts supported by several hands-on labs. There will be additional defense-in-depth lecture/lab topics including Intrusion Detection Systems (IDS), network monitoring, and centralized log collection.
On the second day, participants will be grouped into teams and begin implementing a network "get well" plan to correct several design and implementation flaws within a sample infrastructure. These activities will carry over into day three, in which participants will apply their newly acquired skills to detect, analyze, and respond to real-world threats.
Day four provides teams further incident response experience by competing in a scored exercise identifying vulnerabilities and prioritizing defensive measures. The experience is further amplified with the introduction of additional network topologies requiring participants and teams to adapt and apply their skills to a new environment.
The final day of the course addresses basic computer forensics topics. Having some previous forensics training will help, but is not required. Concepts will be reviewed in class before placing teams in a scenario in which volatile and non-volatile data analysis is required. Teams must identify the digital evidence remaining from the previous day's technical response and analysis challenge in another team-based graded exercise.
Technical staff members who manage or support networked information systems and have (recommended)
- one year of practical experience with networked systems or equivalent training/education
- six months of security administration experience
- background in data networking with entry-level Unix or Windows system administration experience
- familiarity with the OSI model and the TCP/IP protocol stack
- install/configure network access control technologies
- install/configure intrusion detection sensors
- implement techniques for hardening host systems and services
- implement technology for monitoring the status/availability of network services
- implement system logging and networking monitoring
- safely collect and secure sensitive incident response data
- analyze and respond to network and system events
- Windows and Unix host system hardening
- system availability monitoring
- network access control techniques
- secure network architectures and topologies
- intrusion detection systems
- secure implementation of logging and network monitoring
- forensic analysis and incident response
Participants will receive a course notebook and a downloadable copy of course materials.
Before registering for this course, participants must complete the Information Security for Technical Staff course or have equivalent training or experience.
3 - Day Course
This three-day course begins with a brief review of the conceptual foundations of information security. Next, students will be introduced to the CERT Defense-in-Depth Framework: eight operationally focused and interdependent management components which will be synergistically applied to a fictitious organization's Information Technology (IT)...
Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials. For more information about SEI training courses, see Registration Terms and Conditions and Confidentiality of Course Records.