Module 4: Cyber-incident response
Incident response
- Incident response processes
- Threat classification
- Incident severity and prioritization
- Types of data
Forensics tools
- Digital forensics investigations
- Documentation and forms
- Digital forensics crime scenes
- Digital forensics kits
- Image acquisition
- Password cracking
- Analysis utilities
Incident analysis and recovery
- Analysis and recovery frameworks
- Analyzing network symptoms
- Analyzing host symptoms
- Analyzing data exfiltration
- Analyzing application symptoms
- Using Sysinternals
- Containment techniques
- Eradication techniques
- Validation techniques
- Corrective actions
Module 5: Security architecture
Secure network design
- Network segmentation
- Blackholes, sinkholes and honeypots
- System hardening
- Group policies and MAC
- Endpoint security
Managing identities and access
- Network access control
- Identity management
- Identity security issues
- Identity repositories
- Context-based authentication
- Single sign-on and federation
- Exploiting identities
- Exploiting web browsers and applications
Security frameworks and policies
- Frameworks and compliance
- Reviewing security architecture
- Procedures and compensating controls
- Verifications and quality control
- Security policies and procedures
- Personnel policies and training