Final Exam: Incident Response Leader

WHAT YOU WILL LEARN

• 

  Define patch management for incident response. Describe the concept of patch management and how it affects the incident response team and the Security Operations Center (SOC)
  

  Demonstrate challenges organizations face today in monitoring systems configurations and how they can be overcome
  

  Demonstrate examples of internal and external incidents and breaches and how conformance in each example applies to a DevOps environment
  

  Demonstrate how to assess the monitoring process and how to perform a security configuration evaluation
  

  Demonstrate how to prioritize and rate the importance of patches for the software development environment.
  

  Demonstrate situations where an incident occurs for the need of legal communication or when Internal communication is necessary when handling incidents
  

  Demonstrate the actions taken when a incident occurs with regards to regulation conformance
  

  Demonstrate the methods in monitoring releases and deliveries throughout the Software Development Lifecycle (SDLC)
  

  Demonstrate the open source and Commercially available tools that are used for patch management
  

  Demonstrate the process of minor, major, and unknown configuration changes. What it means to an organization with unknown or minor changes for incident response and how its prioritized in an incident strategy
  

  Demonstrate the relation of patch management in an Agile environment
  

  Demonstrate the techniques used to identify and calculate risk with regards to a conformance program
  

  Demonstrate tips and tricks to keep up to date with rapidly changing laws and how to keep staff informed as change is implemented
  

  Describe briefly the Configuration Management process and how it can possess an influence in securing systems configuration for incident response
  

  Describe continuous monitoring in risk management including the three tier approach and how it relates to monitoring systems configuration
  

  describe different incidence response scenarios and how an organization should respond with their incident response team
  

  describe elements of an incident response policy and how it governs an incident response team
  

  describe governance policy, roles and responsibilities, and them purpose of incident response planning
  

  describe how an incident response plan is created and what to include in it, including planning scenarios and recovery objectives
  

  describe how incident response is managed across various enterprise organizations, providing examples of cases where incident response policies are managed
  

  describe how indicators of compromise can help reduce exploits in an environment
  

  describe policies and procedures for keeping systems secure in preemptive troubleshooting
  

  describe preemptive troubleshooting and how it applies to security and SecOps
  

  Describe regulation conformance and its importance in an organization and incident response
  

  Describe testing, and configuration management in patch management
  

  Describe the benefits of a patch management strategy and why its important
  

  describe the concept of a Computer Security Incident Response Team, what a team is compromised of, models and their purpose, and the benefits of outsourcing and having a CSIRT internally
  

  Describe the concept of patching for serverless systems and benefits of patching strategies using serverless systems
  

  Describe the importance of using external experts to assist with your conformance program
  

  describe the incident phases that an incident policy must address and the six stages in an incident response policy
• 

  Describe the process in implementing a secure systems configurations monitoring program
  

  Describe the Process of Baselining, hardening, and how to develop a backout plan
  

  Describe the process of rolling out patches in a patch management program and the polices for patch updates
  

  Describe the security controls for monitoring systems configurations in the cyber framework
  

  describe the security risks and best practices for transitioning to the cloud
  

  Describe the steps to creating the appropriate conformance program for an organization
  

  describe the tools available in incident response strategies including the three As in incident response and the OODA Loop
  

  Describe the various cybersecurity frameworks and which regulations relate to an organization
  

  Describe the various tools and software available to monitor systems and their advantages for incident response
  

  describe the Zero Trust Architecture and how to apply to the Zero Trust Model
  

  discuss the elements of an incident response policy
  

  identify how a security operations center can be a vital asset to an organization
  

  identify the different purposes of the different roles on a CSIRT
  

  identify the purpose of an incident response plan and the costs of not having one in place
  

  list the steps to create incident response policies, plans, and procedures
  

  recognize best security practices for the Internet of Things
  

  recognize concerns of moving to the security first mindset and de-perimeterization problems
  

  recognize how preemptive troubleshooting is different than intrusion detection systems
  

  recognize the best security places for network devices such as Next-Generation Firewalls, Network Intrusion Detection and Prevention Systems, and Distributed Denial of Service Attacks
  

  recognize the impact of software-defined networking, virtual networking, and micro-segmentation to network security
  

  recognize the importance of securing network appliances and the top network security risks
  

  recognize traditional infrastructure deficiencies, such as perimeter exploitation and de-perimeterization as a result of moving to the cloud
  

  recognize various security architecture models such as the Zero Trust Model, the intrusion kill chain, and the diamond model of intrusion analysis
  

  recognize what roles to assign to each member of an incident response team and describe how team members would be engaged in various scenarios
  

  recognize when to create a CSIRT and who should be on that team
  

  recognize Zero Trust challenges, problems, and concerns
  

  update hardware and recognize the importance of doing so
  

  update software and recognize the importance of doing so
  

  use password policies to enforce compliance
  

  use tools to troubleshoot hardware and policies to prevent security compromise