Course Description:
I. Learning Objectives
These learning objectives are designed to provide a comprehensive understanding of the ISO/IEC 27035 series of standards for information security incident management. Upon completion of a course or training program based on these objectives, participants should be able to effectively plan for, detect, respond to, and learn from information security incidents.
Foundational Concepts and Principles
• Understand the fundamentals of information security incident management.
  o Define what constitutes an information security incident, event, and vulnerability.
  o Explain the importance and benefits of a structured approach to incident management.
  o Describe the relationship between incident management, business continuity, and risk management.
• Articulate the principles of ISO/IEC 27035.
  o Explain the key principles of the ISO/IEC 27035 standard.
  o Describe the structure and components of the ISO/IEC 27035 series of standards.
Plan and Prepare
• Develop an information security incident management policy.
  o Identify the key components of an effective incident management policy.
• Establish an incident response team (IRT).
  o Define the roles, responsibilities, and required skills for an IRT.
  o Develop a model for an IRT suitable for a given organization.
• Create a comprehensive incident management plan.
  o Outline the essential elements of an incident management plan.
• Prepare for incident detection and reporting.
  o Identify and select appropriate tools and technologies for incident detection.
  o Establish clear procedures for reporting information security events and incidents.
Detect and Report
• Effectively detect and report information security incidents.
  o Analyze and identify potential information security incidents from various sources.
  o Utilize established channels to report suspected incidents in a timely and effective manner.
• Understand the importance of timely and accurate reporting.
  o Explain the potential consequences of delayed or inaccurate incident reporting.
  o Describe the initial information required for an effective incident report.
Assess and Decide
• Assess and classify information security incidents.
  o Develop criteria for assessing the impact and severity of incidents.
  o Apply a classification scheme to prioritize incidents for response.
• Make informed decisions about incident response.
  o Determine the appropriate response strategy based on the incident assessment.
  o Understand when and how to escalate an incident to senior management or external parties.
Respond
• Contain, eradicate, and recover from information security incidents.
  o Apply appropriate techniques to contain the spread of an incident.
  o Develop strategies for eradicating the root cause of an incident.
  o Plan and execute recovery procedures to restore affected systems and services.
• Manage incident communication and coordination.
  o Develop a communication plan for internal and external stakeholders.
  o Effectively coordinate the activities of the incident response team and other relevant parties.
• Collect and manage evidence.
  o Understand the principles of forensic evidence collection and handling.
  o Apply procedures for preserving the integrity of evidence for potential legal action.
Learn Lessons
• Conduct post-incident analysis.
  o Facilitate a post-incident review to identify lessons learned.
  o Analyze the root cause of incidents to prevent recurrence.
• Improve the incident management process.
  o Develop recommendations for improving policies, procedures, and controls.
  o Integrate lessons learned into the incident management plan and training programs.
COURSE FEE:
ISACA Member: Php 5,250.00
Non-Member: Php 7,350.00
Fees are subject to 12% VAT.