Introduction

00:00

welcome to this calls on Enterprise Security Case management.

00:03

This course will help you gain a greater understanding of the procedures and requirements of managing cases related to security events and incidents in an enterprise environment. This course assumes you have knowledge off incident response and handling methodologies such as mist

00:17

knowledge off the CIA, triad

00:19

knowledge off security principles such as least privilege and need to know.

00:24

Experience identifying and remediating security events and incidents

00:28

as well as knowledge off seem and sore tools, which will be also beneficial

00:34

but not required.

00:36

My name is Seth Anoka, and I've been working in I T and cybersecurity for the last 13 years.

00:42

My work focuses primarily on digital forensics and incident response,

00:46

helping public and private enterprises and governments prepare for incidents and breaches

00:52

and assisting them during incidents when they go.

00:55

I have multiple sand certifications, a monster of I t. In network security and in my spare time, I'm a competitive power lift up.

01:03

I'm originally from Australia, but working as an incident response consultant takes me to a lot of different locations globally.

01:10

Lastly, everyone should feel free to connect with me on LinkedIn.

01:14

This course has some supplemental materials attached to it.

01:18

One is a chain of custody template or reform that you can use to record chain of custody for your evidence.

01:25

Secondly, you have a computer or a mobile examination form for recording information about evidence items which are being collected or imaged.

01:33

Finally, there is a certificate of destruction template which can be used when you securely arrays, media or data to provide stakeholders with confirmation that the data has actually been deleted.

01:45

This course is intended for anyone who is currently or wishes to become a security practice. You know,

01:51

this could include sock teams, threat hunters, digital forensic investigators or incident responders.

01:57

This course is equally valuable for executive leaders and board members who would like or who require a better grasp of security case management processes and work clothes.

02:07

Our overarching objectives are to provide you with an idea of how best to name both cases and evidence related to them.

02:15

We'll cover the importance off chain of custody,

02:17

including the relevant stakeholders and the fundamental process which should be followed to maintain the integrity of evidence.

02:23

We'll discuss secure data storage, data retention policies and procedures,

02:29

meaning how long to keep data after a case has been closed, as well as when and how to securely wipe case data or evidence,

02:37

contemporaneous notes, which among the most important expects off a security case,

02:42

will also be covered in detail, indicating which information must be captured

02:46

when, how and by whom.

02:50

And finally, we'll talk about case management, work flows, severity and priority classifications as well as escalations.

02:59

So I hope you'll join me for our next lesson, which will delve into naming conventions