LDR553: Cyber Incident Management
Discover how to take this course: Online, In-Person. sans.org/ldr553

What is Cyber Incident Management?

Cyber Incident Management (IM) sits above Incident Response (IR) and is tasked with managing incidents that grow too big for the Security Operations Center (SOC) and IR. These tend to be the more impactful or larger incidents that IR is not scaled to handle, as they require significant liaison with internal and external partners to coordinate the investigation, forensics, planning, recovery and remediation, and to brief corporate comms, C-level staff and the board as needed. Less technical and more business focused, the IM team takes the output from IR and relays it to the necessary teams as it coordinates wider investigation, hardening, hygiene and impact assessment while planning towards recovery. A strong IR lead may fulfill the IM role, but during critical incidents IR staff are often shoulder deep in malware, systems, logs and images to process, to the point where every technically capable IR member is kept focused on technical tasks. IMs are more business focused; IR is more technically focused.

Open in Case of Emergency

LDR553 looks at all the common and major cyber incident types, explains what the key issues are, and shows how to plan a recovery. Whilst you may have a full team of technical staff standing by to find, understand, and remove the attackers, they need information, tasking, managing, supporting, and listening to in order to maximize their utilization and effectiveness. We focus on building a team to remediate the incident, on managing that team, on distilling the critical data for briefing, and on how to run that briefing. We look at communication at all levels, from the hands-on team to the executives and Board, investigative journalists, and even the attackers.

This course empowers you to become an effective incident management team member or leader, ensuring you fully understand the different issues facing incident commanders in the immediate, short and medium term. As well as becoming comfortable with the terminology, you will understand what preparatory work you can undertake at different stages to help you get ahead of the situation. LDR553 was developed to ensure efficient management of a diverse range of incidents with a focus on cyber; however, the methodology, concepts and guidance apply to many regular major and critical incidents.

Business Takeaways

• Develop staff who know how to lead or contribute to a cyber incident management team
• Manage your incidents more effectively
• Resolve incidents quicker
• Understand the gaps in your security incident plans and response strategies
• Create higher-performing security incident teams
• Plan ahead to handle some of the most devastating potential attacks

“Brilliant insight. Excellent content. An absolute must course for anyone dealing with incident management.”
—Gary Smith

You Will Be Able To

• Implement various incident response frameworks
• Scope incidents correctly
• Define the incident management team’s objectives
• Effectively manage a team under extreme pressure
• Be aware of how people respond when facing catastrophically impactful, urgent change
• Structure, manage, and deliver briefings to upper management and the Board
• Plan and control communications when managing a serious incident
• Communicate with attackers, understanding the pros and cons of doing so
• Know where and how to track the incident
• Plan, coordinate, and execute counter-compromise activities
• Master incident reports, both during the incident and post closure
• Understand the steps to close the incident and return to business as usual
• Understand the constraints of third-party or supply-chain incidents
• Plan for and deal with a compromised supply-chain organization
• Foster better cyber incident management support in other departments through combined training and exercises
• Plan, set up, and run cyber incident management training exercises
• Integrate Cyber Threat Intelligence into the IM team and its capabilities
• Understand how bug bounties can be supported and how they can cause major incidents
• Develop the team to be able to investigate cloud attacks
• Support the Legal team during Business Email Compromise attacks and understand the nuances of the different types
• Track and improve the IM team’s capability with playbooks and runbooks
• Comprehend the value and risks that AI could bring to the overall IR and IM process
• Improve readiness for ransomware attacks via simulated exercises

5 Day Course. 30 CPEs. Laptop Required.