This hands-on training course aims to deliver the fundamental theoretical and practical skills needed to handle and respond to computer security incidents. The course addresses the underlying principles and techniques for detecting and responding to current and emerging computer security threats. Several different incident handling cases are simulated for students, with a focus on incident detection and description, information gathering, analysis tools and techniques, and the incident handling phases, using RTIR (or related) tools. All teaching material is based on illustrative real-life cases and their analysis.
NRD Cyber Security developed this course as an ITU Centre of Excellence work programme, and it is designed for Computer Security Incident Response Team (CSIRT) and Security Operation Centre (SOC) members, all incident handlers, IT professionals, and anyone who is interested in incident handling and response.
Apply incident response general workflow principles
Follow the incident response procedure by using the RTIR tool
Conduct basic analysis of email messages and retrieve actionable data from email headers
Investigate incidents by analysing system event logs
Carry out incident root cause analysis
Perform basic network forensics analysis