Introduction

00:01

Hello. Welcome to the incident Response Lifecycle course on cyber Eri

00:06

For the learning objectives on this course, we're going to talk about how to write a detailed incident response plan for any size organization.

00:13

We'll also talk about how you can set an organization up for success prior to any type of cyber incident.

00:21

Well, understand that people, the processes and the technologies that are necessary in order to prevent, identify, detect, respond and recover from a cyber incident.

00:31

We'll also talk about the importance of collaboration and communication with internal stakeholders, vendors, partners and external organizations during some sort of a cyber incident.

00:43

And then we're going to talk about the life cycle of a cyber incident all the way from preparation through to recovery and remediation.

00:52

This course will have a lot of detail on a lot of information in each of these objectives, and I'll go through them or as we go on during the course.

01:00

The prerequisites for taking this course

01:03

first is to have an understanding of I T and security organizations and how they work together. But work flows that may be present, things like how a security operation center or a sock may interface with a cyber incident response team, or CERT.

01:19

Also, you should be familiar with NIST National Institute of Standards and Technology and the Cybersecurity Framework version 1.1, and also have an understanding of common attack vectors such as fishing and social engineering, ransomware, Web application attacks and others.

01:38

Now you don't need to be an ethical hacker or have any certifications in

01:42

hacking or penetration testing

01:45

for this course. But you should just have a basic understanding of how those attacks occur, and what you can do is an incident responder to prevent and detect, identify and respond to those types of attacks.

01:57

A few other prerequisites, just to mention quickly is you should have an understanding of common tools used during incident response. Things like a SIM Security information and Event management enterprise, Forensic capabilities in point detection and response or ET are tools, intrusion detection and prevention systems, firewalls, vulnerability, scanning

02:17

again. He certainly don't need to be an expert in these What You should understand what they are, how they work, how they're implemented in the larger architecture

02:25

of an organization.

02:28

You should have a basic understanding of the Center for Internet Security or C. I s top 20 controls as well as what an indicator of compromise or IOC is and how they're used during an incident response process. Life cycle, etcetera.

02:45

Well, it is my pleasure to welcome you to this course. My name is Josh Mullen, and I am happy to be your instructor for this course. It really is great for me. It puts two things together that I like cybersecurity, incident, response those times things and instructing and teaching. I hope you find this course valuable.

03:05

You can see on the side here just a brief background about me. I've got a master's of science and information, security and assurance. And ah, a couple certifications in cyber and forensics there.

03:16

Please do reach out if you have any questions at all, or please do connect with me on social media. You'll see they're my Twitter and LinkedIn information as well as my personal website and my company website.

03:30

I'm a principal at a small business called Nats are focuses on digital forensics and cyber security.

03:36

My background before doing that is I've got 18 years of full time cybersecurity experience.

03:43

I started my cybersecurity career actually, as a law enforcement officer.

03:46

I founded the first high tech crime unit in the region that I was at and eventually grew that program into a regional cybercrimes task force that encompassed about half the state.

03:58

And I wrote a couple of grants, got a few $1,000,000 really built that program out, ended up getting it as clad. Lab accredited through I s 0 17 through 25 if you're familiar with that

04:09

and actually was

04:10

ended up being crossed, deputized by the FBI and the U. S. Marshals and was the commander of that task force for seven years on and were responsible for investigating and prosecuting any type of crime involving technology. So you can imagine that's about anything these days.

04:26

And we also did undercover Internet investigations forensics on all sorts of devices.

04:30

After my law enforcement career, I went to work for Northrop Grumman on a contract with the Department of Energy. So I was the chief information security officer says so and the chief information officer, eventually of part of the nation's nuclear weapons complex in Nevada.

04:48

So I was responsible for all I T and cybersecurity, both classified and unclassified

04:54

across our nation within that program and was able to really do a lot of incident response. I built several CERT teams and socks and

05:02

capabilities and instant response during my career and also Gartner for three years as an executive partner.

05:10

And in that role, I partner with federal senior executives and military officers across the Department of Defense and federal civilian agencies to assist them with their technology and soft skills and anything they need help with from a strategy or implementation perspective

05:30

and really get to be a trusted adviser to those organizations.

05:33

So again, I'm very happy to be with you. Reach out. If you have questions and I'm looking forward to this course,

05:42

the target audience for this course is really those individuals that have a foundational understanding of incident response. Maybe you're a student who desires to learn more about incident response. Maybe you work in a sock now, and you want to move up into the organization a different level, or perhaps get into management.

06:00

Maybe folks that are outside of I, T and Security but just want to understand this process better. That could include people from HR, legal or other parts of the business or organization that interfaces with a CERT team and then

06:14

anyone just that wants to know. Best practices in standing up in incident response capability maturing the capability that already exists.

06:21

Ah, and hopefully learn a few things from an instructor like myself who's got some real life examples and history doing incident response for large organizations.

06:31

The syllabus today and throughout this course will be first module preparing an organization for a cyber incident. Of course, you never want to be preparing during your first incident, and we're gonna walk through how to get ready for as best you can, an incident that may occur within an organization.

06:50

We'll also talk about a module to identifying organizational assets and risks, and Module three will talk about protecting an organization from a cyber incident.

07:00

Module four will get into detecting the incident once it's occurred, and then module five. How do you respond to an incident once you've detected it? And then the final module module six will be all about How do you recover from a cyber incident?

07:16

In the resource is tab of this course, you'll find a few things. One will be the syllabus for this course. You also find a glossary of terms that we will use. A new assessment will be part of this course and then also references for you to take back and read at your leisure.

07:32

The outline of this course will. We've done the introduction module one will get into next, and then we'll go through the rest of the modules in this kind of a format where I'll introduce the topics will talk about the objectives for the course. I'll go through the information and then we'll have a very quick