ANT0401

Handling cyber security incidents

Duration of training: 5 days

start date: Monday, May 12, 2025

Course description

The material of this course will allow listeners to study the processes, techniques, and tools for handling cyber security incidents. The course material also covers how to organize cyber security incident handling processes and how to integrate them into the overall corporate cyber security architecture.

course audience

Engineers handling cyber security incidents; Digital forensics engineers.

prerequisites

Knowledge of monitoring cyber security events and incidents at the ANT0041 course level is required.

How the training works

online course

The online course involves group classes with an instructor via video conferencing, as well as homework and an exam.

for corporate clients

Training for corporate clients includes online and self-study courses, as well as additional services that corporate clients require, such as organizing training plans for client departments and assessing the effectiveness of training.

Course program

• Classification of cyber attacks.
• Stages of conducting a cyber attack.
• Cyber attack artifacts and their interconnections.
• Process of handling incidents.
• Tools and infrastructure for handling incidents.
• Monitoring events and incidents.
• Digital forensics within incident handling.
• Initial response to an incident.
• Confirming the incident.
• Determining the scope of the incident.
• Developing and applying immediate measures to contain the incident.
• Developing advanced infrastructure monitoring measures.
• Developing eradication measures for malicious activity.
• Developing a timeline of malicious activity removal.
• Specifics of responding to database-related incidents.
• Advanced network monitoring.
• Advanced end-device monitoring.
• Advanced service and application monitoring.
• Tracking an incident using indicators of compromise.
• Using flags and beacons in the IT infrastructure for monitoring.
• The process of conducting forensic investigations.
• Digital forensics tools.
• File and operating systems artifacts.
• RAM artifacts.
• Reconstructing the chronology of events from cyber attack artifacts.
• Generating and analyzing indicators of compromise in digital systems.
• Diamond model and TTP (Tactics, Techniques, Procedures) information.
• Using compromise indicators to detect malicious activity.
• Removing malicious activity on the network.
• Removing malicious activity on end devices.
• Removing malicious activity on services and applications.
• Documenting the process and results of malicious activity removal.
• Corporate cyber security architecture.
• Recommendations for strategically modernizing corporate cyber security architecture based on incident data.
• Embedding incident handling processes into corporate cyber security processes.

Course purchase options

individual

Cost — $1,550.00

Group online classes

Unlimited access to all the materials

Live webinars with teachers

Homework

Exam with certificate

Course dates:

corporate

Cost from $1,550.00

To obtain information about the final cost and clarify the date of the course, please fill out the form.
