Course curriculum
-
1
Welcome to the Incident Response Course Designed by California Cybersecurity Institute at Cal Poly
-
Welcome to the Incident Response Course and Support Contact for this course
-
Course Outline/Syllabus
-
-
2
Module 1 Real-World Incidents
-
Agenda Module 1 Real-World Incident
-
Presentation ch1 from Book Real World Incidents Case Studies Slides 1-47
-
Homework Read this pdf on Lessons-Learned-Recovering-from Ransomware
-
Homework Five Things CEOs should Know about Cybersecurity Ten Things CEOs should Do about Cybersecurity
-
Homework Read about The Four Essential Personalities for a Strong Cybersecurity Team
-
Homework Read this to better understand Incident Response Frameworks SANS NIST
-
Homework What Is Security Incident Response? Cybersecurity Meg Videos.
-
Homework The Before, During, and After of Successful Enterprise Incident Response
-
Homework Read this website and watch the videos. Cyber Attacks: Is the ‘Big One’ Coming Soon?
-
Tabletop #2 Cyber Exercise Scenario Ransomware Tabletop Extra Resource
-
Tabletop #1 15 Min Learn By Doing Exercise Scenario/Tabletop Exercise to try with your team (NIST Framework) Extra Resource
-
Module 1 Homework DarkSide: The $90 Million Dollar Hackers Colonial Pipeline Attack
-
Homework watch this Anatomy of an Attack & Anatomy of an Attack on IoT
-
Sample Intrusion Detection Incident Response Plan
-
-
3
Module 2 IR Management Handbook
-
Module 2 IR Management Handbook AGENDA
-
Presentation Incident Response Handbook ch2 from book
-
Homework Alert (AA20-133A) Top 10 Routinely Exploited Vulnerabilities Original release date: May 12, 2020
-
Homework What is a CVE? CVE® is a list of publicly disclosed cybersecurity vulnerabilities that is free to search, use, and incorporate into products and services, per the terms of use.
-
Homework CISA Hunt and Incident Response Program (CHIRP) has a new forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs) associated with Active Directory/M365 Compromise.
-
Extra Resource FBI Internet Crime 2020 IC3 Report Review this document.
-
Incident Response Plan Templates
-
-
4
Module 3 Pre-Incident Preparation
-
Agenda Module 3 Pre-Incident Preparation
-
ch3 Pre-Incident Preparation from book presentation
-
Proactive Preparation and Hardening to Protect Against Destructive Attacks https://www.mandiant.com/resources/protect-against-destructive-attacks
-
-
5
Module 4 Remediation Introduction
-
Agenda Module 4 Remediation Introduction
-
Remediation from Book ch17 Presentation
-
-
6
EXTRA RESOURCES NOT REQUIRED ch4-5 from book Getting the Investigation started on the right foot & Initial Development of Leads
-
Homework Read this to better understand Incident Response and Management
-
Homework AT&T Insider's Guide to Incident Response
-
ch4-5 from book Getting the Investigation started on the right foot & Initial Development of Leads
-
Extra Resource keep handy and skim through the PAN 2020 cybersecurity-survival-guide pdf
-
Module Developing a Cybersecurity Program presentation
-
Information Security program (ISP) sample
-
ITS Incident Management sample
-
Incident Outreach Template sample
-
Incident Update Template sample
-
Service Restored Template sample
-
-
7
EXTRA RESOURCES NOT REQUIRED The MITRE ATT&CK
-
Overview of MITRE & ATT&CK Framework and Navigator
-
Review what is The MITRE ATT&CK_Social Engineering Example PPT from Jamie/Henry
-
ComplianceForge Hierarchical Cybersecurity Governance Framework
-
-
8
EXTRA RESOURCES NOT REQUIRED Critical Information in Organizations
-
2021-Security outcomes-study-main-report
-
Anticipating the Unknowns-CISO 2019 Benchmark Study - Cisco Cybersecurity Series
-
What is a Cybersecurity Posture?
-
-
9
EXTRA RESOURCES NOT REQUIRED Bloodhound Tool Responding to and Preventing Cybersecurity Incidents
-
BloodHound - Getting Started
-
BloodHound - Getting Started
-
BROKEN-TRUST Lessons Learned from Sunburst & Solarwinds
-
Solarwinds/Sunburst Links for review
-
Countering cyber proliferation: Zeroing in on Access-as-a-Service reading
-
NIST: Computer Security Incident Handling Guide
-
-
10
EXTRA RESOURCES NOT REQUIRED Simulation Games to test your knowledge and Data Breach Response Plan
-
Play these two Simulation Games to test your knowledge.
-
Module Homework Review this sample plan from Carnegie Mellon Sample Incident Response Plan v1.5 2020
-
Module Homework Read this article on The Criticality of Crisis Communications in a Data Breach Response Plan.
-
-
11
EXTRA RESOURCES NOT REQUIRED Activity Incident Response Scenario #1 Malware Attack of the Popup Messages
-
Activity Incident Response Scenario #1 Malware Attack of the Popup Messages
-
Activity Incident Response Scenario #1 Malware Attack of the Popup Messages Quiz
-
Activity Incident Response Scenario #1 Malware Attack of the Popup Messages Pt. 2
-
Activity Incident Response Scenario #1 Malware Attack of the Popup Messages Quiz Pt. 2
-
Activity Incident Response Scenario #1 Malware Attack of the Popup Messages Pt. 3
-
Activity Incident Response Scenario #1 Malware Attack of the Popup Messages Quiz Pt. 3
-
-
12
EXTRA RESOURCES NOT REQUIRED Activity Incident Response Scenario #2 Physical Security: We Didn't Send A Technician
-
Activity Incident Response Scenario #2 Physical Security: We Didn't Send A Technician
-
Activity Incident Response Scenario #2 Physical Security: We Didn't Send A Technician Quiz
-
Activity Incident Response Scenario #2 Physical Security: We Didn't Send A Technician Pt. 2
-
Activity Incident Response Scenario #2 Physical Security: We Didn't Send A Technician Pt. 2 Quiz
-
Activity Incident Response Scenario #2 Physical Security: We Didn't Send A Technician Pt. 3
-
Activity Incident Response Scenario #2 Physical Security: We Didn't Send A Technician Pt. 3 Quiz
-
-
13
EXTRA RESOURCES NOT REQUIRED Incident Response Consortium Playbook- Unauthorized Access 7 Steps defined by NIST
-
Playbook Unauthorized Access
-