In this online course on Enterprise Security Case Management, you will learn about tools and techniques that help cybersecurity practitioners manage evidence and related case data so that their integrity is preserved.
Improper case management can lead to adverse outcomes and significantly increase the time it takes a security team to detect or respond to active threats in an enterprise environment. If and when security cases result in litigation, it is vital that the case management processes and workflows followed are unimpeachable, and that as much relevant, reliable information as possible is captured before, during, and after working a case.
Security of the evidence and related data is equally important: leaving them exposed undermines their integrity and evidentiary value. This course will teach you concepts such as chain of custody, secure evidence and data storage, why data retention, destruction, and backup are necessary considerations, and the best methods for capturing contemporaneous notes.
Prerequisites:
Knowledge of incident response and handling methodologies (e.g., NIST)
Knowledge of the CIA triad
Knowledge of security principles such as least privilege and 'need to know'
Experience identifying and remediating security events and incidents
Knowledge of SIEM and SOAR tools is also beneficial
By the end of this course, students should be able to:
Create and complete chain of custody and examination forms
Determine how and where to securely store case evidence and related data
Determine the best data retention, destruction, and backup procedures for their organization
Write comprehensive contemporaneous notes and capture information relevant to security cases
I am a client-focussed cybersecurity strategist and trusted adviser with proven success in improving technical security postures by delivering customised compromise assessment, threat hunting, incident response, and digital forensic services. I am an expert in end-to-end incident management, from initial scoping, planning, and team task delegation to evidence gathering, data analysis, and detailed reporting.
I consistently assess, translate, and communicate technical data for diverse technical and non-technical audiences. I continually identify opportunities for expanding the portfolio of services and optimising service delivery. I leverage an IT background whilst overseeing network, web-based application, systems, and database assessments, ensuring well-documented, unambiguous client recommendations for handling and preventing future security incidents.
I am proud of building, training, and mentoring agile incident response and digital forensic teams well versed in industry best practices including NIST and ISO. My specialties include Digital Forensics, Incident Response Management, Crisis Management, Cybersecurity Audits, Business Development, Intrusion Detection, and Threat Modeling.
I believe I have reached a point in my security career where I have acquired enough knowledge to be able to give back to the security community by sharing my knowledge and experience with others in the field. I have a desire to train and mentor others interested in cybersecurity, the same way that others helped me with training and mentorship.
Certificate of Completion
Complete this entire course to earn an Enterprise Security Case Management Certificate of Completion.