
Incident Preparedness and Response

3 Days Classroom Session | 3 Days Live Online

Private Onsite Package

This course can be tailored to your needs for private, onsite delivery at your location.


Professional Credits


ASPE is an IIBA Endorsed Education Provider of business analysis training. Select Project Delivery courses offer IIBA continuing development units (CDU) in accordance with IIBA standards.


Select courses offer Leadership (PDU-L), Strategic (PDU-S) and Technical PMI professional development units that vary according to certification. Technical PDUs are available in the following types: ACP, PBA, PfMP, PMP/PgMP, RMP, and SP.


In today's world of uncertainty, it is necessary to be prepared for a wide range of data security incidents. This course takes the candidate through the critical steps required to prepare for the inevitable incident. The course covers all phases of incident preparation and response, from the pre-planning stages to the post-incident root cause analysis that leads to procedural changes designed to prevent similar incidents from happening in the future.

Real-world incident response examples are used throughout the course, both to illustrate proper incident handling procedures and to demonstrate the consequences of poor planning and implementation.

  • Understand the importance of creating well-defined incident response plans
  • Understand the criticality of assessing what could happen to the business
  • Develop plans for detecting incidents either during or immediately after incident initiation, so that appropriate actions can be taken to protect company and customer information
  • Develop working relationships with law enforcement and discover when to involve them in a corporate incident
  • Understand the importance of having processes in place to assess the criticality of incidents as they are uncovered
  • Discover the importance of empowering users to report suspicious activity
Upcoming Dates and Locations
All Live Online times are listed in Eastern Time.

There aren’t any public sessions currently scheduled for this course, but if you fill out the form below, we can tell you about how we can bring this course to you!

Course Outline

Part 1: Identification and SOC operations

Students will discover Security Operations Center tools and techniques. IDS, IPS, antivirus, and firewall alerts, as well as syslog data from servers and end stations, are all gathered and correlated by a security information and event management (SIEM) system. Understand the procedures for collecting and correlating security breach information, and discover how to identify significant security events among the clutter of insignificant and unrelated events.

Part 2: Incident Response Policy, Authorization, and Team Creation

Discover how to create an incident response policy that gives an organization the ability and authority to respond to any incident without the unnecessary delay of seeking executive approval when time is of the essence. Create an incident response team by identifying the skill sets required to effectively implement a planned response.

Part 3: Preparing to Handle an Incident

Timely and effective response requires advance planning, training, and preparation. Students will learn how to create action plans to be executed when a crisis is discovered. These action plans need trained staff and the correct resources in order to be effective. Discover the training and resource requirements that will make your incident response team effective during a crisis.

Part 4: Incident Detection and Analysis Phase

A thorough understanding of attack vectors allows security personnel to correlate precursors and indicators, and that correlation leads to early identification of the most critical potential security events. Using the identification and prioritization techniques taught in class, students will be able to accurately document the incident while initiating the correct containment strategy.

Part 5: Containment, Eradication and Recovery Phase

Different business assets require different containment strategies. Critical high-availability systems cannot simply be taken off the network. Learn different ways of controlling the spread of viruses, worms, and attackers while protecting critical resources. Students will learn how to identify and gather evidence of an attacker's activities and targets. A complete understanding of the attack scenario is required to eradicate all traces of an attack and to return damaged systems to the operational environment.

Part 6: Lessons Learned and Post Incident Activity

After the incident is over and all systems are restored to full operational status, learn how to analyze the response process for future improvement. Discover how to perform root cause analysis to identify the process failure that allowed the incident to occur in the first place. Use that root cause analysis to modify corporate procedures to defend against future problems.

Who should attend
  • IT Managers & Directors
  • CISOs
  • Security Managers
  • System Administrators
  • Network Designers
  • Security Administrators
  • Business Analysts
  • Project Managers
  • Systems Architects/Designers
  • Systems Analysts or Testers
  • Managers & Team Leaders