SRE Emergency & Incident Response: Incident Response

SRE    |    Intermediate
  • 17 videos | 1h 24m 38s
  • Includes Assessment
  • Earns a Badge
A well-prepared and organized approach is key to addressing and managing the aftermath of a system failure, security breach, or cyberattack. In this course, you'll explore the fundamental principles an SRE needs to be familiar with when responding to and managing incidents. You'll identify the goals, requirements, best practices, and key players involved in incident management. You'll learn how to deal with managed and unmanaged incidents and what's involved in an incident response plan. You'll identify incident response roles and responsibilities, and how to use incident metrics to manage incidents at scale. You'll outline what's involved in establishing a computer security incident response team (CSIRT), including each key team member's roles and responsibilities. Lastly, you'll examine what goes into an incident response policy.


  • discover the key concepts covered in this course
  • summarize the requirements, goals, best practices, job roles, and tools involved in managing and responding to incidents
  • recognize the importance of incident response planning and the characteristics of incident response plans
  • describe what is meant by each one of the 'three Cs' of incident management (coordinate, communicate, and control)
  • restate the duties of the prominent job roles involved in incident response (Incident Commander, Communications Lead, and Operations Lead) as well as those of other, supporting roles
  • recognize the best practices for handling managed incidents
  • recognize the best practices for handling unmanaged incidents
  • describe why correctly declaring and classifying incidents is essential and when these activities should be carried out
  • assess why incident response training is necessary and list the responsibilities of an incident response analyst
  • outline tips and strategies for incident response preparation
  • outline how to go about practicing incident management processes and describe why these activities are important
  • outline how to use incident management data for measuring team performance and identify the KPIs to look out for
  • differentiate between the standard tools used for incident response
  • judge when to create a CSIRT and choose who should be on that team
  • identify the different purposes of the various roles on a CSIRT
  • describe the elements of an incident response policy
  • summarize the key concepts covered in this course


  • 1m 47s
  • 6m 29s
    In this video, we will discuss the requirements, goals, best practices, and job roles in an incident response framework. First, we will look at some basics to keep incident management under control and effective. The chain of command must be clearly understood, and everyone needs to know what they are supposed to be doing. Next, we will look at some incident response best practices. FREE ACCESS
  • 3.  Incident Response Plans
    5m 4s
    In this video, we're going to look at the importance of having an incident response plan and the different types of plans that are available. We'll also discuss some benefits of having a plan, as well as the different steps that need to be taken in order to have one. Finally, we'll compare and contrast an incident response plan with a disaster recovery plan. FREE ACCESS
  • 4.  Incident Command Systems
    4m 34s
    In this video, you will learn more about the main objectives of any incident command system. You will also learn about the operational roles, including incident command, and the main responsibilities of an incident commander and the incident communication lifecycle. The three C's describe the coordination, communication, and command that are required for incident response. FREE ACCESS
  • 5.  Incident Response Roles
    4m 21s
    In this video, we will discuss the three main roles in incident response: the incident commander, who oversees the incident response; the communications lead, who is the public face of the incident response team and communicates with stakeholders; and the operations lead, who works to mitigate and resolve the incident. We will also look at some additional roles that help define and organize the responsibilities of the incident response team. FREE ACCESS
  • 6.  Managed Incidents
    4m 27s
    In this video, you'll learn more about how to recognize the best practices for handling managed incidents. You'll discover that incidents are common in almost any organization, and they can cause a great deal of disruption. But incident management helps control the chaos caused by everyone trying to work on an incident, unrestrained and unorganized. You'll learn about the incident command system and its standardized approach to incident management. The three C's define managed incident roles. FREE ACCESS
  • 7.  Unmanaged Incidents
    5m 52s
    In this video, you'll learn about managing unmanaged incidents. You'll discover that without an incident response plan and a dedicated team for incident response, incidents will still happen, but they'll be unmanaged. A lack of focus on the big picture is an issue. Everyone has their heads down, focusing on their one small part of the problem. FREE ACCESS
  • 8.  Declaring Incidents
    6m 29s
    Incident response is a method for quickly and cost-effectively addressing disruptions or degradation of service that affects customers. In order to respond effectively, an organization needs to be able to correctly identify incidents and classify them by severity level. This video discusses specific ways in which incident response teams can identify and respond to incidents. FREE ACCESS
  • 9.  Incident Response Training
    4m 27s
    An incident response analyst is a professional who investigates and reports on cybersecurity trends and issues. They stay up-to-date on the latest news in cyber attacks, analyze your systems by performing threat analysis, collect forensic details once an incident has happened, and perform intrusion correlation. They also train your team members to be able to respond to the latest security threats. FREE ACCESS
  • 10.  Preparing for Incident Response
    5m 40s
    Incident response is the process of responding to a cyberattack. The goal of incident response is to mitigate damage and neutralize the root cause of the attack as quickly as possible. Incident response preparations include creating an emergency communications list, having system backups, and a recovery process. Communication during an incident needs to be clear and concise, and there should be no confusion over who is doing what. FREE ACCESS
  • 11.  Incident Management Practice Exercises
    6m 10s
    In this video, you'll learn more about running incident response practice exercises to strengthen your incident response and your incident response team readiness. You'll learn that these exercises are structured to teach the team certain aspects of their plan. The video outlines the important high-level steps for these exercises. FREE ACCESS
  • 12.  Incident Management Data
    5m 26s
    In this video, you'll learn how to use incident management data to measure team performance and identify the key performance indicators to look out for. You'll discover that in order to do a quantitative analysis of key performance indicators, you must have a process in place to collect incident management data. FREE ACCESS
  • 13.  Incident Response Tools
    6m 29s
    In this video, you'll learn more about the necessary tools for effective incident response, which identify, mitigate, and eliminate cyber attacks. You'll learn there are different approaches to analyzing network traffic for incident response, and each has its uses and its pros and cons. You'll also discover that intrusion detection systems alert when an intrusion is attempted or is actively occurring. FREE ACCESS
  • 14.  Computer Security Incident Response Teams (CSIRTs)
    6m 51s
    In this video, you'll learn more about the computer security incident response team (CSIRT), the team responsible for performing incident response during an emergency. You'll discover that the team needs to correctly identify when an incident is occurring. Communication is crucial, and all members need to be contacted and made aware that an incident is occurring so they can work together. FREE ACCESS
  • 15.  CIRT Roles and Responsibilities
    4m 7s
    In this video, you will learn more about the responsibilities and roles of a computer security incident response team. These include investigating a security incident, system recovery and containment, and educating in-house staff on security issues. You will also learn about the different purposes of the various roles on a CSIRT, such as executive management, incident management, technology, communication, and facilities. FREE ACCESS
  • 16.  Incident Response Policies
    4m 59s
    In this video, you will learn more about the incident response policy. You will review the various sections of an incident response policy and what they cover. You will also discover why you need an incident response policy. The common sections of an incident response policy include: the statement of management commitment, purpose and objectives of the policy, scope of the policy, and a glossary of terms and definitions. FREE ACCESS
  • 17.  Course Summary
    1m 27s


Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.