ICS202 - ICS Incident Response Fundamentals
Provided by QA
Overview
The ICS Security Incident Response Fundamentals course has been designed to provide those at Practitioner or equivalent level with an understanding of the current cyber incident response challenges facing their ICS environments. This includes an understanding of what an Incident is and how this approach may differ in an ICS Environment. This would also benefit those participating in or engaging with an ICS Incident Response team for the first time. This knowledge is vital when managing the day to day running of all aspects of security incident response for those environments.
This course will show students how to best protect and support their organisations cyber incident response process and provide an understanding of the stages of the IR process, including the information required to be able to create an effective IR plan. Template plans will be provided for student to complete and take away.
Siker have worked in partnership with the UK;s National Cyber Security Centre (NCSC) and the Centre for the Protection of National Infrastructure (CPNI) as well as leading Critical National Infrastructure companies to produce this short course.
+
Prerequisites
There are no pre-requisites for this course. In addition, a course exercise handbook and ICS Continuity Plan template is provided.
Who Should Attend?
Delegates will learn how to
We want staff who may be called in to help resolve a cyber incident to understand what it is they are walking into. This will help calm the panic and provide a swifter response to the incident which, in turn, leads to a quicker return to normal operations. This includes:
Outline
Module 1: Introduction to the Incident Handling Process
The ICS Security Incident Response Fundamentals course has been designed to provide those at Practitioner or equivalent level with an understanding of the current cyber incident response challenges facing their ICS environments. This includes an understanding of what an Incident is and how this approach may differ in an ICS Environment. This would also benefit those participating in or engaging with an ICS Incident Response team for the first time. This knowledge is vital when managing the day to day running of all aspects of security incident response for those environments.
This course will show students how to best protect and support their organisations cyber incident response process and provide an understanding of the stages of the IR process, including the information required to be able to create an effective IR plan. Template plans will be provided for student to complete and take away.
Siker have worked in partnership with the UK;s National Cyber Security Centre (NCSC) and the Centre for the Protection of National Infrastructure (CPNI) as well as leading Critical National Infrastructure companies to produce this short course.
+
Prerequisites
There are no pre-requisites for this course. In addition, a course exercise handbook and ICS Continuity Plan template is provided.
Who Should Attend?
- Anyone new to cyber security in an ICS Incident Response environment
- Non-ICS staff who need to understand ICS terminology and how it differs from their current roles
- Site/Asset Operators
- Procurement/Contract staff
- Supply chain staff
- Site/Asset IT Support engineers
- Site/Asset Physical Security/Facilities Manager staff
Delegates will learn how to
We want staff who may be called in to help resolve a cyber incident to understand what it is they are walking into. This will help calm the panic and provide a swifter response to the incident which, in turn, leads to a quicker return to normal operations. This includes:
- Being able to articulate the difference between an Incident and an Event and be able to identify both.
- Understand the 6-stage process for Incident Response
- Identify the key roles that make up a standard Incident Response Team
- Understand the legal and regulatory aspects of cyber incident response
- Handle different types of incidents
Outline
Module 1: Introduction to the Incident Handling Process
- What is an Incident and an Event and how do they differ?
- What is Incident Response?
- The challenges of ICS Incident Response
- The IR lifecycle
- Obtaining Leadership support
- ICS IR Plans
- Who gets involved?
- What makes the CSIRT?
- Jump Kit and Grab Bag
- Classification Levels
- Managing the Information Flow
- Evidence
- What is Containment?
- Short-term Containment
- Long-term Containment
- Investigations
- The main aims of eradication
- Remove or restore?
- Improvement after
- Recovery Objectives
- Validation
- Post-Incident Monitoring
- The Report
- Management Considerations
- Bringing it all together
Enquire
Start date | Location / delivery | |
---|---|---|
No fixed date | United Kingdom | Book now |
01132207150
01132207150