RSA Incident Handling & Response


The program provides a thorough overview of the tasks, processes, procedures, escalation workflows and tools used by a Security Analyst/Incident Handler. Through use cases, examples and hands-on exercises, participants investigate a variety of critical incident response scenarios. The instructional material emphasizes decision-making and prioritization, with the goal of teaching participants how to make an assessment in a short amount of time using security monitoring instrumentation, contextual analysis and correlation against indicators of network exploitation. Participants develop a broader understanding of the role the SOC fulfills in the larger organization, including exposure to the legal and regulatory compliance issues associated with incident response and to the assessment of organizational risk.


Duration: 3 days (24 hours)

Course Objectives

Upon completing the program, participants should be able to:

  • Outline sustainable and repeatable tasks, processes, procedures, escalation points and workflows of the Security Analyst/Incident Handler
  • Ingest daily intelligence reports and review previous shift logs
  • Recognize the legal, corporate investigative responsibilities and compliance issues associated with incident responses
  • Participate in risk analysis for central and distributed networks, including the impact of cloud-based infrastructure on the SOC
  • Review, triage, investigate and analyze escalated events and incidents from other analysts or IS groups during shift
  • Monitor security events using all SOC data sources
  • Investigate all incidents aligned to proper process, procedure and escalation points
  • Prioritize incident response relative to threat severity, business context and activity volume
  • Recommend, develop and implement remediation procedures
  • Create an incident report with appropriate handoffs and closure
  • Coordinate, de-conflict and align event and incident communication
  • Support root cause analysis
  • Prepare communication for executives and enterprise stakeholders
Who should attend

Security Analysts with 6-12 months of experience working in a Security Operations Center (SOC), Network Operations Center (NOC), Critical Incident Response Team (CIRT) or similar function.

Course outline

1. Tools & Tasks of an Incident Handler

  • List the tasks, processes, procedures and escalation points of a level two security analyst
  • Identify the tools used by the level two security analyst
  • Provide examples of the types of incidents handled by the level two security analyst
  • Ingest daily intelligence reports and previous shift logs for efficient operational handoffs, escalations and transitions

2. Participate in Regulatory Compliance

  • Define security compliance
  • Describe the types of compliance standards
  • Outline the steps to become compliant with a standard
  • Distinguish a security program from a compliance program
  • Outline what happens during a compliance audit
  • Identify the responsibilities of a security analyst for a security audit

3. Contribute to Risk Assessment & Mitigation

  • Monitor security controls that mitigate risk
  • Participate in risk analysis for central & distributed networks
  • List organizational assets protected by the SOC
  • Assess vulnerabilities of assets

4. Investigate an Incident

  • Investigate all escalated incidents
  • Summarize the steps required to create a malware analysis environment
  • Explore the tools included in the program’s malware analysis environment
  • Respond to an incident
  • Escalate the incident as required

5. Prioritize Incident Response and Recommend Remediation

  • Recommend remediation to Operations and to the appropriate department after each incident

6. Address After-Action Items

  • Create an incident report
  • Derive threat intelligence from the incident and incorporate it into monitoring
  • Perform root cause analysis

7. Prepare Executive-Level Communication

  • Prepare a brief to senior management
  • Summarize the incident for Operations