Introduction
The number of successful data breaches continues to increase everyday. Adversaries seem to have the upper hand, as many organizations fail to effectively detect and quickly respond to these breaches. Over 80% of all breach victims learn of a compromise from third-party
notifications, not from internal security teams, and are often caught by surprise.
A Security Operations Center or SOC monitors enterprise information systems (web sites, applications, databases, data centers and servers, networks, desktops and other endpoints). The Security Operations Center allows an organization to enforce and test its security policies,
processes, procedures and activities through one central platform that monitors and evaluates the effectiveness of the individual elements and the overall security system.
Importance Of Incident Response & Digital Forensics
This course shall cover the design, deployment and operation of the SOC. Once this course is completed, you will have the skills to perform your SOC responsibilities effectively.
Here, instructors will teach you the skills to analyze and detect threats to an organization through demonstrations, labs, and lectures.
The course covers the functional areas: Communications, Network Security Monitoring, Threat Intelligence, Incident Response, Forensics, and Self-Assessment. Security Operations Centers are used to monitor, detect, respond and mitigate threats to the organization.
WHO SHOULD ATTEND?
1.Cyber Security professionals
2.Blue Team Members
3.SOC Specialists
4.SOC Leaders and Managers
Security Operations Center Concepts
(Day – 1)
• What is SOC
• Evolution of SOC
• Why is it required? (Objectives)
• SOC Infrastructure
• Log management
o Computer Security Log Management
o Log Management Infrastructure
o Log Management Planning
o Log Management Operational Process
SIEM (Security Information & Event Management)
(Day - 2 & 3)
• Introduction to SIEM
• SIEM Architecture
• Logs and Events
• Understanding logs, various formats
• Log Baselining
• Aggregation and normalization
• Event Collection and Event Correlation
• Correlation Rules
• IBM QRadar
o Components
o Console Overview
o LIVE Demo
Incident Response (Day - 4)
• Incident Response Plan
o Purpose of Incident Response Plan
o Requirements of Incident Response Plan
o Preparation
• Incident Management
o Purpose of Incident Management
o Incident Management Process
o Incident Management Team
• Incident Response Team
o Incident Response Team Members
o Incident Response Team Members Roles and
Responsibilities
o Developing Skills in Incident Response Personnel
o Incident Response Team Structure
o Incident Response Team Dependencies
o Incident Response Team Services
o Defining the Relationship between Incident Response, Incident Handling, and Incident Management
o Incident Response Best Practices
o Incident Response Policy
o Incident Response Plan Checklist
Incident Response and Handling Steps
o Step 1: Identification
o Step 2: Incident Recording
o Step 3: Initial Response
o Step 4: Communicating the Incident
o Step 5: Containment
o Step 6: Formulating a Response Strategy
o Step 7: Incident Classification
o Step 8: Incident Investigation
o Step 9: Data Collection
o Step 10: Forensic Analysis
o Step 11: Evidence Protection
o Step 12: Notify External Agencies
o Step 13: Eradication
o Step 14: Systems Recovery
o Step 15: Incident Documentation
o Step 16: Incident Damage and Cost Assessment
o Step 17: Review and Update the Response Policies
Trainer Details
Swapnil Khandekar
Trainer and Cybersecurity Specialist, Network Intelligence
Swapnil currently serves as a Senior Cybersecurity Analyst at NII and Senior trainer at IIS. His work mainly focuses on Security trainings, Vulnerability Assessment and Penetration Testing for NII. His technical abilities span across SOC, Networks, Web Apps, Databases, Digital Forensics, Cloud Security, Red teaming, and ISO Compliance. He has overall experience of 6+ years in the field of Information security and training on relevant topics.
Udit Pathak
Head of Department– Compliance and Audit, Network Intelligence
Udit has rich experience of 10+ Years in the field of information security and Audits., He has carried out PCI DSS audits, ISO27001, Vulnerability assessments, System and Server Audits, Web application security assessments, Secure code reviews, Technical security assessments, Vendor
Audits, HIPAA Implementation & Audits, and SOC maturity assessments. Udit heads the Compliance & Audit Delivery channel at Network Intelligence. He has delivered excellent projects across the globe for the payment ecosystem, BFSI, the travel industry, health care, and defense
services for both cloud and traditional on-prem solutions.
past_events