Free

Enterprise Security Case Management

In this online course about Enterprise Security Case Management, you will learn about tools and techniques which help cybersecurity practitioners manage evidence and related case data to preserve their integrity.
Time: 14M
Difficulty: Advanced
CEU/CPE: 1

Course Content

Lesson                                  Duration   Module
Introduction                            3m         Introduction
Logical Storage                         5m         Evidence and Case Data Storage
Priority and Severity                   4m         Workflow and Managing Cases
Chain of Custody                        4m         Core Concepts
Physical Storage                        4m         Evidence and Case Data Storage
Deadlines and Service Level Agreements  2m         Workflow and Managing Cases
Data Retention                          3m         Evidence and Case Data Storage
Escalation                              2m         Workflow and Managing Cases
Data Destruction                        2m         Evidence and Case Data Storage
Data Backup                             5m         Evidence and Case Data Storage

Course Description

Improper case management can lead to adverse outcomes and significantly increase the time it takes a security team to detect or respond to active threats in an enterprise environment. If and when security cases result in litigation, it is vital that the case management processes and workflows followed are unimpeachable, and that as much relevant, reliable information as possible is captured before, during, and after executing a case.

Security of the evidence and related data is equally important: leaving them exposed undermines their integrity. This course will teach you concepts such as chain of custody and secure evidence and data storage, explain why data retention, destruction, and backup are necessary considerations, and cover the best methods for capturing contemporaneous notes.

Prerequisites

  • Knowledge of incident response and handling methodologies (e.g. NIST)
  • Knowledge of the CIA triad
  • Knowledge of security principles such as least privilege and ‘need to know’
  • Experience identifying and remediating security events and incidents
  • Knowledge of SIEM and SOAR tools is also beneficial

Course Goals

By the end of this course, students should be able to:

  • Create and complete chain of custody and examination forms
  • Determine how and where to securely store case evidence and related data
  • Determine the best data retention, destruction, and backup procedures for their organization
  • Write comprehensive contemporaneous notes and capture information relevant to security cases

Instructor: Seth Enoka

    I am a client-focussed cybersecurity strategist and trusted adviser with proven success in improving technical security postures by delivering customised compromise assessment, threat hunting, incident response, and digital forensic services. I am an expert in end-to-end incident management, from initial scoping, planning, and team task delegation to evidence gathering, data analysis, and detailed reporting.

    I consistently assess, translate, and communicate technical data for diverse technical and non-technical audiences. I continually identify opportunities for expanding the portfolio of services and optimising service delivery. I leverage an IT background whilst overseeing network, web-based application, systems, and database assessments, ensuring well-documented, unambiguous client recommendations for handling and preventing future security incidents.

    I am proud of building, training, and mentoring agile incident response and digital forensic teams well versed in industry best practices including NIST and ISO. My specialties include Digital Forensics, Incident Response Management, Crisis Management, Cybersecurity Audits, Business Development, Intrusion Detection, and Threat Modeling.

    I believe I have reached a point in my security career where I have acquired enough knowledge to be able to give back to the security community by sharing my knowledge and experience with others in the field. I have a desire to train and mentor others interested in cybersecurity, the same way that others helped me with training and mentorship.

Provider: Cybrary
Certification Body: Certificate of Completion

Complete this entire course to earn an Enterprise Security Case Management Certificate of Completion.