Risk Identification, Monitoring, and Analysis: In the Risk Identification, Monitoring, and Analysis session, you will learn how to identify, measure, and control losses associated with adverse events. You will review, analyze, select, and evaluate safeguards for mitigating risk.You will learn processes for collecting information, providing methods of identifying security events, assigning priority levels, taking the appropriate actions, and reporting the findings to the correct individuals. After collection of the details from monitoring, we can analyze to determine if the system is being operated in accordance with accepted industry practices, and in compliance with organization policies and procedures. Incident Response and Recovery: In the Incident Response and Recovery Session, you will gain an understanding of how to handle incidents using consistent, applied approaches in order to resolve. Once an incident is identified, action will be necessary in order to resolve. We will examine processes such as damage recovery, data integrity and preservation, and the collection, handling, reporting, and prevention. You will be introduced to the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) concepts and how they can be utilized in order to mitigate damages, recover business operations, and avoid critical business interruption. Through the use of the DRP, you will understand the procedures for emergency response and post-disaster recovery. Course Objectives 1. Describe the risk management process 2. Perform security assessment activities 3. Describe processes for operating and maintaining monitoring systems 4. Identify events of interest 5. Describe the various source systems 6. Interpret reporting findings from monitoring results 7. Describe the incident handling process 8. Contribute to the incident handling process based upon role within the organization 9. Describe the supporting role in forensics investigation processes 10. Describe the supporting role in the business continuity planning process 11. Describe the supporting role in the disaster recovery planning process
Maintain Monitoring Systems: Attacker Motivations
Bewertungen
4.8 (181 Bewertungen)
- 5 stars85,08 %
- 4 stars13,81 %
- 1 star1,10 %
A
15. Jan. 2019
this was the best of all the courses that i have gone through i think i might say that now i can be able to detect incidence and recovery by now
QF
29. Okt. 2020
Excellent Course , healed me allot learning about Risk Management and And Incident Response
Aus der Unterrichtseinheit
Operate and Maintain Monitoring Systems & Analyze and Report Monitoring Results
Module Topics: Events of Interest, Logging, source Systems, Security Analytics, metrics, and Trends, Visualization, Event Data Analysis, Communication of Findings. In Events of Interest you will learn about, monitoring terminology, Intrusion Detection System (IDS)/Intrusion Prevention System (IPS), comparing IDS and IPS, types of IDS/IPS devices, deploying HIDS and NIDS, implementation issues for monitoring, monitoring control, other considerations, sample questions to consider, collecting data for incident response, monitoring response techniques, attackers, attacker motivations, intrusions, events, types of monitoring, and file integrity checkers, continuous/compliance monitoring. In Logging, you will learn about reviewing host logs, reviewing incident logs, log anomalies, log management, clipping levels, filtering, log consolidation, log retention, centralized logging (syslog and log aggregation), syslog, distributed log collectors, hosted logging services, configuring event sources (s-flow, NetFlow, sniffer), Cosco NetFlow, What is an IP Flow, IP packet attributes, understanding network behavior, how to access the data produced by NetFlow, How does the router or switch determine which flows to export to the NetFlow collector server, format of the export data, sFlow, event correlation systems (security, information, and event management (SIEM)), SIEM functions, compliance, enhanced network security and improved IT/security operations, and full packet capture. In Source System, you will learn about comprehensive application, middleware, OS, and infrastructure monitoring, hyper capabilities, and operations manager. Analyze and Report Monitoring: In Security Analytics, Metrics, and Trends, you will learn about security baseline, network security baseline, metrics and analysis (MA), systems security engineering capability maturity model (SSE-CMM), and potential metrics. In visualization topic, you will learn about data visualization tools. In Event Data Analysis, you will learn about logs, log management, log management recommendations, and Potential uses of server log data. In Communication of Findings, you will learn about checklist for report writers and reviewers.
Unterrichtet von
(ISC)² Education & Training
Durchsuchen Sie unseren Katalog
Melden Sie sich kostenlos an und erhalten Sie individuelle Empfehlungen, Aktualisierungen und Angebote.
Coursera Footer
