
EC-Council Certified Incident Handler

Duration: 365 Days
Course Code: ECIH
Delivery Method: E-learning

Overview:

The ECIH program is designed to provide you with the fundamental skills to handle and respond to computer security incidents in an information system. The course addresses the underlying principles and techniques for detecting and responding to current and emerging computer security threats.

You will learn how to handle various types of incidents, risk assessment methodologies, and various laws and policies related to incident handling. In addition, you will be able to create incident handling and response policies as well as deal with various types of computer security incidents.

The IT incident management training program will enable students to become proficient in handling and responding to various security incidents such as network security incidents, malicious code incidents, and insider attack threats. In addition, students will learn about computer forensics and its role in handling and responding to incidents. The course also covers incident response teams, incident management training methods, and incident recovery techniques in detail. The ECIH certification gives professionals greater industry recognition as seasoned incident handlers.

Format: Subscription
Length: 365 Days

Target Audience:

This course will significantly benefit incident handlers, risk assessment administrators, penetration testers, cyber forensic investigators, vulnerability assessment auditors, system administrators, system engineers, firewall administrators, network managers, IT managers, IT professionals and anyone who is interested in incident handling and response.

Objectives:

Introduction to Incident Response and Handling
Risk Assessment
Incident Response and Handling Steps
Computer Security Incident Response Teams
Handling Network Security Incidents
Handling Malicious Code Incidents
Handling Insider Threats
Forensic Analysis and Incident Response
Incident Reporting
Incident Recovery
Security Policies and Laws

Prerequisites:

Testing and Certification:

Students must pass the online ECC Exam Center exam, taken after the course, to receive the ECIH certification.

Exam Duration: 2 Hours
Questions: 50

Content:

Module 01: Introduction to Incident Response and Handling
Cyber Incident Statistics
Computer Security Incident
Information as Business Asset
Data Classification
Common Terminologies
Information Warfare
Key Concepts of Information Security
Vulnerability, Threat, and Attack
Types of Computer Security Incidents
Examples of Computer Security Incidents
Verizon Data Breach Investigations Report – 2008
Incidents That Required the Execution of Disaster Recovery Plans
Signs of an Incident
Incident Categories
Incident Categories: Low Level
Incident Categories: Middle Level
Incident Categories: High Level
Incident Prioritization
Incident Response
Incident Handling
Use of Disaster Recovery Technologies
Impact of Virtualization on Incident Response and Handling
Estimating Cost of an Incident
Key Findings of Symantec Global Disaster Recovery Survey - 2009
Incident Reporting
Incident Reporting Organizations
Vulnerability Resources

Module 02: Risk Assessment
Risk
Risk Policy
Risk Assessment
NIST's Risk Assessment Methodology
  Step 1: System Characterization
  Step 2: Threats Identification
  Step 3: Identify Vulnerabilities
  Step 4: Control Analysis
  Step 5: Likelihood Determination
  Step 6: Impact Analysis
  Step 7: Risk Determination
  Step 8: Control Recommendations
  Step 9: Results Documentation
Steps to Assess Risks at Work Place
  Step 1: Identify Hazard
  Step 2: Determine Who Will be Harmed and How
  Step 3: Analyze Risks and Check for Precautions
  Step 4: Implement Results of Risk Assessment
  Step 5: Review Risk Assessment
Risk Analysis
Need for Risk Analysis
Risk Analysis: Approach
Risk Mitigation
Risk Mitigation Strategies
Cost/Benefit Analysis
NIST Approach for Control Implementation
Residual Risk
Risk Management Tools
CRAMM
Acuity STREAM
Callio Secura 17799
EAR / Pilar

Module 03: Incident Response and Handling Steps
How to Identify an Incident
Handling Incidents
Need for Incident Response
Goals of Incident Response
Incident Response Plan
Purpose of Incident Response Plan
Requirements of Incident Response Plan
Preparation
Incident Response and Handling Steps
  Step 1: Identification
  Step 2: Incident Recording
  Step 3: Initial Response
  Step 4: Communicating the Incident
  Step 5: Containment
  Step 6: Formulating a Response Strategy
  Step 7: Incident Classification
  Step 8: Incident Investigation
  Step 9: Data Collection
  Step 10: Forensic Analysis
  Step 11: Evidence Protection
  Step 12: Notify External Agencies
  Step 13: Eradication
  Step 14: Systems Recovery
  Step 15: Incident Documentation
  Step 16: Incident Damage and Cost Assessment
  Step 17: Review and Update the Response Policies
Training and Awareness
Security Awareness and Training Checklist
Incident Management
Purpose of Incident Management
Incident Management Process
Incident Management Team
Incident Response Team
Incident Response Team Members
Incident Response Team Members Roles and Responsibilities
Developing Skills in Incident Response Personnel
Incident Response Team Structure
Incident Response Team Dependencies
Incident Response Team Services
Defining the Relationship between Incident Response, Incident Handling, and Incident Management
Incident Response Best Practices
Incident Response Policy
Incident Response Plan Checklist
Incident Handling System: RTIR
RPIER 1st Responder Framework

Module 04: CSIRT
What is CSIRT?
What is the Need of an Incident Response Team (IRT)
CSIRT Goals and Strategy
CSIRT Vision
Common Names of CSIRT
CSIRT Mission Statement
CSIRT Constituency
CSIRT Place in the Organization
CSIRT Relationship with Peers
Types of CSIRT Environments
Best Practices for Creating a CSIRT
  Step 1: Obtain Management Support and Buy-in
  Step 2: Determine the CSIRT Development Strategic Plan
  Step 3: Gather Relevant Information
  Step 4: Design your CSIRT Vision
  Step 5: Communicate the CSIRT Vision
  Step 6: Begin CSIRT Implementation
  Step 7: Announce the CSIRT
  Step 8: Evaluate CSIRT Effectiveness
Role of CSIRTs
Roles in an Incident Response Team
CSIRT Services
Reactive Services
Proactive Services
Security Quality Management Services
CSIRT Policies and Procedures
Attributes
Content
Validity
Implementation, Maintenance, and Enforcement
How CSIRT Handles a Case
CSIRT Incident Report Form
Incident Tracking and Reporting Systems
Application for Incident Response Teams (AIRT)
BMC Remedy Action Request System
PGP Desktop Email
The GNU Privacy Guard (GnuPG)
Listserv
CERT
CERT-CC
CERT(R) Coordination Center: Incident Reporting Form
CERT: OCTAVE
OCTAVE Method
OCTAVE-S
OCTAVE Allegro
World CERTs
Australia CERT (AUSCERT)
Hong Kong CERT (HKCERT/CC)
Indonesian CSIRT (ID-CERT)
Japan CERT-CC (JPCERT/CC)
Malaysian CERT (MyCERT)
Pakistan CERT (PakCERT)
Singapore CERT (SingCERT)
Taiwan CERT (TWCERT)
China CERT (CNCERT/CC)
US-CERT
Government Forum of Incident Response and Security Teams (GFIRST)
Canadian CERT
Forum of Incident Response and Security Teams
CAIS/RNP
NIC BR Security Office Brazilian CERT
EuroCERT
FUNET CERT
SURFnet-CERT
DFN-CERT
JANET-CERT
CERT POLSKA
Swiss Academic and Research Network CERT
http://www.first.org/about/organization/teams/
http://www.apcert.org/about/structure/members.html
IRTs Around the World

Module 05: Handling Network Security Incidents
Denial-of-Service Incidents
Distributed Denial-of-Service Attack
Detecting DoS Attack
Incident Handling Preparation for DoS
DoS Response Strategies
Preventing a DoS Incident
Following the Containment Strategy to Stop DoS
Unauthorized Access Incident
Detecting Unauthorized Access Incident
Incident Handling Preparation
Incident Prevention
Following the Containment Strategy to Stop Unauthorized Access
Eradication and Recovery
Recommendations
Inappropriate Usage Incidents
Detecting the Inappropriate Usage Incidents
Incident Handling Preparation
Incident Prevention
Recommendations
Multiple Component Incidents
Preparation for Multiple Component Incidents
Following the Containment Strategy to Stop Multiple Component Incidents
Recommendations
Network Traffic Monitoring Tools
Ntop
EtherApe
Ngrep
SolarWinds: Orion NetFlow Traffic Analyzer
Nagios: op5 Monitor
CyberCop Scanner
Network Auditing Tools
Nessus
Security Administrator's Integrated Network Tool (SAINT)
Security Auditor's Research Assistant (SARA)
Nmap
Netcat
Wireshark
Argus - Audit Record Generation and Utilization System
Snort
Network Protection Tools
Iptables
Proventia Network Intrusion Prevention System (IPS)
NetDetector
TigerGuard

Module 06: Handling Malicious Code Incidents
Count of Malware Samples
Virus
Worms
Trojans and Spywares
Incident Handling Preparation
Incident Prevention
Detection of Malicious Code
Containment Strategy
Evidence Gathering and Handling
Eradication and Recovery
Recommendations
Antivirus Systems
Symantec: Norton AntiVirus 2009
Kaspersky Anti-Virus 2010
AVG Anti-Virus
McAfee VirusScan Plus
BitDefender Antivirus 2009
F-Secure Anti-Virus 2009
Trend Micro AntiVirus plus AntiSpyware 2009
HijackThis
Tripwire Enterprise
Stinger

Module 07: Handling Insider Threats
Insider Threats
Anatomy of an Insider Attack
Insider Risk Matrix
Insider Threats Detection
Insider Threats Response
Insider's Incident Response Plan
Guidelines for Detecting and Preventing Insider Threats
Human Resources
Network Security
Access Controls
Security Awareness Program
Administrators and Privileged Users
Backups
Audit Trails and Log Monitoring
Employee Monitoring Tools
Activity Monitor
Net Spy Pro
Spector Pro
SpyAgent
Handy Keylogger
Anti Keylogger
Actual Spy
IamBigBrother
007 Spy Software
SpyBuddy
SoftActivity Keylogger
Elite Keylogger
Spy Sweeper

Module 08: Forensic Analysis and Incident Response
Computer Forensics
Objectives of Forensics Analysis
Role of Forensics Analysis in Incident Response
Forensic Readiness
Forensic Readiness and Business Continuity
Types of Computer Forensics
Computer Forensic Investigator
People Involved in Computer Forensics
Computer Forensics Process
Digital Evidence
Characteristics of Digital Evidence
Collecting Electronic Evidence
Challenging Aspects of Digital Evidence
Forensic Policy
Forensics in the Information System Life Cycle
Forensic Analysis Guidelines
Forensics Analysis Tools
Helix
Tools Present in Helix CD for Windows Forensics
Windows Forensic Toolchest
Knoppix Linux
The Coroner's Toolkit (TCT)
EnCase Forensic
THE FARMER'S BOOT CD (FBCD)
DumpReg
DumpSec
DumpEvt
Foundstone Forensic ToolKit
Sysinternals Suite
NSLOOKUP
dig – DNS Lookup Utility
Whois
VisualRoute
Netstat Command
Linux: DD Command
Linux: Find Command
Linux: Arp Command
Linux: ps, ls, lsof, and ifconfig Commands
Linux: Top Command
Linux: Grep Command
Linux: Strings Command

Module 09: Incident Reporting
Incident Reporting
Why to Report an Incident
Why Organizations do not Report Computer Crimes
Whom to Report an Incident
How to Report an Incident
Details to be Reported
Preliminary Information Security Incident Reporting Form
CERT Incident Reference Numbers
Contact Information
Sample Report Showing Contact Information
Summary of Hosts Involved
Sample Report Showing Summary of Hosts Involved
Description of the Activity
Sample Report Showing Description of the Activity
Log Extracts Showing the Activity
Example Showing the Log Extracts of an Activity
Time Zone
Federal Agency Incident Categories
Organizations to Report Computer Incident
United States Internet Crime Task Force
Internet Crime Complaint Center (IC3)
Computer Crime & Intellectual Property Section
Internet Watch Foundation (IWF)
Incident Reporting Guidelines
Sample Incident Reporting Form
Sample Post Incident Report Form

Module 10: Incident Recovery
Incident Recovery
Principles of Incident Recovery
Incident Recovery Steps
Contingency/Continuity of Operations Planning
Business Continuity Planning
Incident Recovery Plan
Incident Recovery Planning Process
Incident Recovery Planning Team
Business Impact Analysis
Incident Recovery Plan Implementation
Incident Recovery Training
Incident Recovery Testing

Module 11: Security Policies and Laws
Security Policy
Key Elements of Security Policy
Goals of a Security Policy
Characteristics of a Security Policy
Design of Security Policy
Implementing Security Policies
Acceptable Use Policy (AUP)
Access Control Policy
Sample Access Control Policy
Importance of Access Control Policies
Asset Control Policy
Audit Trail Policy
Sample Audit Trail Policy 1
Importance of Audit Trail Policy
Logging Policy
Importance of Logging Policies
Documentation Policy
Evidence Collection Policy
Evidence Preservation Policy
Information Security Policy
Information Security Policy: University of California
Information Security Policy: Pearce & Pearce, Inc.
Importance of Information Security Policy
National Information Assurance Certification & Accreditation Process (NIACAP) Policy
Importance of NIACAP Policy
Physical Security Policy
Sample Physical Security Policy 1
Sample Physical Security Policy 2
Importance of Physical Security Policies
Physical Security Guidelines
Personnel Security Policies & Guidance
Law and Incident Handling
Role of Law in Incident Handling
Legal Issues When Dealing With an Incident
Law Enforcement Agencies
Laws and Acts
Searching and Seizing Computers without a Warrant
A: Fourth Amendment's "Reasonable Expectation of Privacy" in Cases Involving Computers: General Principles
A.4: Private Searches
The Privacy Protection Act
Federal Information Security Management Act (FISMA)
Mexico
Brazilian Laws
Canadian Laws
United Kingdom's Laws
Belgium Laws
German Laws
Italian Laws
Cybercrime Act 2001
Information Technology Act
Singapore Laws
Sarbanes-Oxley Act
Social Security Act
Gramm-Leach-Bliley Act
Health Insurance Portability and Accountability Act (HIPAA)
Intellectual Property Laws
Intellectual Property
US Laws for Trademarks and Copyright
Australia Laws for Trademarks and Copyright
UK Laws for Trademarks and Copyright
China Laws for Trademarks and Copyright
Indian Laws for Trademarks and Copyright
Japanese Laws for Trademarks and Copyright
Canada Laws for Trademarks and Copyright
South African Laws for Trademarks and Copyright
South Korean Laws for Trademarks and Copyright
Belgium Laws for Trademarks and Copyright
Hong Kong Laws for Intellectual Property
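The Module 05 topics "Detecting DoS Attack" and "Detecting Unauthorized Access Incident" are listed above without showing what the detection logic looks like in practice. The Python below is an added example written for this page, not course material or EC-Council code. It runs two small detectors over constructed log lines (hypothetical hosts fw01 and bastion, RFC 5737 documentation addresses) of the kind a perimeter firewall and an SSH bastion would emit: a sliding-window connection counter per source for floods, and a "many failures then a success" check for brute-forced access. The thresholds are illustrative and would be tuned to the environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# One event per line; trailing fields (dst=, user=) are ignored by the parser.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>CONNECT|AUTH_FAIL|AUTH_OK) src=(?P<src>[\d.]+)"
)


def build_sample_log():
    """Constructed log lines (hypothetical hosts, RFC 5737 test addresses):
    one source floods the web tier, one brute-forces the bastion and gets in,
    and one behaves normally."""
    base = datetime(2024, 3, 1, 10, 0, 0)
    lines = []
    for i in range(60):  # 60 connections in six seconds from a single source
        ts = base + timedelta(milliseconds=100 * i)
        lines.append(f"{ts.isoformat()} fw01 CONNECT src=198.51.100.7 dst=10.0.0.5:443")
    for i in range(5):  # normal client: five connections over forty seconds
        ts = base + timedelta(seconds=10 * i)
        lines.append(f"{ts.isoformat()} fw01 CONNECT src=203.0.113.9 dst=10.0.0.5:443")
    for i in range(6):  # six failed logins, then a success
        ts = base + timedelta(seconds=20 + i)
        lines.append(f"{ts.isoformat()} bastion AUTH_FAIL src=192.0.2.44 user=admin")
    ts = base + timedelta(seconds=27)
    lines.append(f"{ts.isoformat()} bastion AUTH_OK src=192.0.2.44 user=admin")
    for i in range(2):  # two mistyped passwords, then a success: not an incident
        ts = base + timedelta(seconds=30 + i)
        lines.append(f"{ts.isoformat()} bastion AUTH_FAIL src=203.0.113.9 user=alice")
    ts = base + timedelta(seconds=33)
    lines.append(f"{ts.isoformat()} bastion AUTH_OK src=203.0.113.9 user=alice")
    return "\n".join(lines)


def parse(log_text):
    """Parse matching lines into dicts and order them by timestamp."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "host": m["host"],
                           "event": m["event"], "src": m["src"]})
    events.sort(key=lambda e: e["ts"])
    return events


def detect_flood(events, window_seconds=10, threshold=50):
    """Alert once per source when more than `threshold` CONNECT events fall
    inside any `window_seconds` sliding window."""
    windows = defaultdict(deque)
    alerts = {}
    for ev in events:
        if ev["event"] != "CONNECT":
            continue
        q = windows[ev["src"]]
        q.append(ev["ts"])
        while (ev["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop timestamps that fell out of the window
        if len(q) > threshold and ev["src"] not in alerts:
            alerts[ev["src"]] = {"type": "dos_flood", "src": ev["src"], "count": len(q),
                                 "window_start": q[0].isoformat(), "host": ev["host"]}
    return list(alerts.values())


def detect_unauthorized_access(events, max_failures=5):
    """Flag a source whose AUTH_OK follows at least `max_failures` AUTH_FAILs
    (a brute force that eventually succeeded). A success resets the counter,
    so an ordinary user who mistypes twice is not reported."""
    failures = defaultdict(int)
    alerts = []
    for ev in events:
        if ev["event"] == "AUTH_FAIL":
            failures[ev["src"]] += 1
        elif ev["event"] == "AUTH_OK":
            if failures[ev["src"]] >= max_failures:
                alerts.append({"type": "unauthorized_access", "src": ev["src"],
                               "host": ev["host"], "at": ev["ts"].isoformat(),
                               "failures_before_success": failures[ev["src"]]})
            failures[ev["src"]] = 0
    return alerts


def run(log_text=None):
    """Run both detectors; defaults to the constructed sample log."""
    events = parse(log_text if log_text is not None else build_sample_log())
    return {"dos": detect_flood(events),
            "unauthorized_access": detect_unauthorized_access(events)}


if __name__ == "__main__":
    for kind, found in run().items():
        for alert in found:
            print(kind, alert)
```

The flood detector fires once per source rather than on every subsequent packet, which keeps a single attack from generating thousands of alerts; the access detector deliberately ignores failures that are never followed by a success, since those belong to a separate brute-force signature rather than to a confirmed unauthorized-access incident.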

Further Information:

For more information, or to book your course, please call us on 00 966 92000 9278

[email protected] www.globalknowledge.com/en-sa/

Global Knowledge - KSA, 393 Al-Uroubah Road, Al Worood, Riyadh 3140, Saudi Arabia
