search menu icon-carat-right cmu-wordmark

Advanced Topics in Incident Handling

This four-day course, designed for computer security incident response team (CSIRT) and security operations center (SOC) technical personnel with several months of incident handling experience, addresses techniques for detecting and responding to current and emerging computer security threats and attacks.

Building on the methods and tools discussed in the Foundations of Incident Management course, this course provides guidance that incident handlers can use in responding to complex threats and attacks, including persistent threats. Through interactive instruction, facilitated discussions, and group exercises, instructors help participants identify and analyze a set of events and then propose appropriate response strategies.

Participants work as a team throughout the week to handle a series of escalating incidents that are presented as part of an ongoing scenario. Work includes team analysis of information and presentation of findings and response strategies. Participants also review more advanced types of activities related to incident handling such as threat hunting; artifact and malware analysis; vulnerability handling; and publishing and communicating information.

This CERT incident handling course adds additional expertise for understanding incident handling and related practices and functions. Before registering for this course, participants are encouraged to attend the companion course, Foundations of Incident Management.


  • current computer security incident response team (CSIRT) and security operations center (SOC) technical staff with six or more months incident handling experience


This course will help participants to

  • detect and characterize various attack types
  • develop a strategy for analyzing and responding to complex or major events and incidents within your organization
  • comprehend various methods for analyzing artifacts left on a compromised system and issues involved with such analysis
  • develop and execute cyber threat hunting goals
  • obtain practical experience in the coordination of vulnerability handling tasks
  • formulate and deliver effective publications and communications such as advisories, alerts, after-action reports and management briefings


  • incident handling lifecycle review
  • data loss prevention techniques
  • advanced persistent threats
  • artifact and malware analysis categories and techniques overview
  • fundamental causes of vulnerabilities
  • vulnerability handling overview
  • analyzing and coordinating response to major computer security events and incidents
  • developing and delivering effective communications


Participants will receive a course workbook and electronic course materials downloadable from the SEI Learning Portal. Students attending in-person offerings in an SEI Training Facility are required to bring a laptop to be used only during course exercises.


Before registering for this course, it is recommended that participants attend the Foundations of Incident Management course. It is also recommended that participants have the following:

  • at least six months or more of incident handling experience
  • an understanding of Internet services and protocols
  • experience with Windows and Unix systems
  • experience with various types of computer security attacks, response strategies, incident handling tools

It is recommended but not required that participants also have experience programming in C, Perl, Java, or similar languages.

Dates Offered

Register Now

Course Fees [USD]

  • U.S. Industry: $3,000.00
  • U.S. Govt/Academic: $2,400.00
  • International: $6,000.00


This four-day course meets at the following times:

Days 1-4, 8:30 a.m.-4:30 p.m. Eastern Time

This course may be offered by special arrangement at customer sites. For details, please email or telephone at +1 412-268-1817.

Course Questions?

Phone: 412-268-7388

Related Courses

  • Creating a Computer Security Incident Response Team

    1 - Day Course

    This one-day course is designed for managers and project leaders who have been tasked with implementing a computer security incident response team (CSIRT). This course provides a high-level overview of the key issues and decisions that must be addressed in establishing a CSIRT. As part of the course, attendees will develop an action plan that can...

    Learn More
  • Foundations of Incident Management

    4 - Day Course

    This four-day course provides foundational knowledge for those in security-related roles who need to understand the functions of an incident management capability and how best to perform those functions. It is recommended for those new to incident handling or security operations work. The course provides an introduction to the basic concepts and...

    Learn More
  • Managing Computer Security Incident Response Teams

    3 - Day Course

    This three-day course provides current and future managers of computer security incident response teams (CSIRTs) with a pragmatic view of the issues that they will face in operating an effective team. The course provides insight into the work that CSIRT staff may be expected to handle. The course also provides prospective or current managers with...

    Learn More

Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials. For more information about SEI training courses, see Registration Terms and Conditions and Confidentiality of Course Records.