
About the subject and the structure of the course
About the concept of information security and what is information security management
About the most popular standards in the ISO/IEC 27000 series and what they refer to
About the purpose of ISO/IEC 27035 and the different documents that make up the ISO/IEC 27035 standard. What is the subject for each of those documents and how they are intended to be used
About the difference between information security events and incidents
A brief enumeration of different types of attacks that may lead to information security incidents
What are the common objectives that an organization is looking to achieve with its information security incident management process
An overview of the 5-phase process for informations security incident management according to ISO/IEC 27035
About the role and the recommended content for the incident management policy according to ISO/IEC 27035-2
About the content of the incident management plan
More information about what should be part of an incident management plan according to the guidelines in ISO/IEC 27035-2
The system for categorizing information security incidents propsed by ISO/IEC 27035-2
About the benefits of using forms to records incidents, events or vulnerabilities. Templates proposed by ISO/IEC 27035-2 for the different forms
About the incident management team, its responsibilities and activities
About the role of the incident response team and requirements for its members
About the need to establish relationships that may be necessary in the response to information security incidents
About the technical and other support that should be available for an adequate response to an information security incident
Guidelines for awareness and training on information security incident management
About the benefits of testing the information security incident management plan and the different options for testing available to an organization
About legal and regulatory requirements in relation to information security incident management
A recapitulation of the guidelines in ISO/IEC 27035-2 for the first phase of the incident management process - Plan and prepare
A short story about the data breach that occured at Equifax in 2017
About the importance of detecting information security events on time. About proactive and reactive detection.
About the channel for reporting information security events. About the point of contact and the decision as to whether an information security event represents an incident.
About the triage of information security incidents. Examples of criteria to be used for the classification of incidents
About the importance of analyzing information security incidents and the different types of files that are commonly the subject of analysis
About the different tools that analysts use and the difference between the intra-incident and the inter-incident analysis
About the objective of containment and the strategies recommended by ISO/IEC 27035-3 for incident containment
About the process of incident eradication and what it may involve. About the recovery from the incident and the relative guidance for this process according to ISO/IEC 27035
About reporting information security incidents inside the organization and to external stakeholders
About the guidelines in ISO/IEC 27035-2 for learning lessons from handling information security incidents and using the lessons learned as a driver for improvement
A recapitulation of the subjects discussed as part of the following phases in the incident management process: detect and report, assess and decide, respond and learn lessons
A short story about the data breach that occured at the American retailer Target in December 2013
About the options for certification in the context of information security incident management - certification for organizations and for individuals
Thank you for taking this course!
Information security incidents have become a common occurrence in today's landscape, where every organization, regardless of its size or dependence on IT&C, can be the victim of an attack.
Security controls and policies alone cannot guarantee a total protection of information, networks, systems or services, because there will always be residual vulnerabilities that may be exploited by threats, leading to information security incidents. Furthermore, it is inevitable that new instances of previously unidentified threats cause incidents to occur.
The consequences of an information security incident can go from minor disturbances to the regular operations, up to the collapse of the entire organization. The insufficient preparation to deal with incidents will make the response of the organization less effective and will increase the degree of potential adverse business consequences.
Therefore, it is mandatory for each company to design and to implement a robust information security programme, with a key part of that programme dedicated to the handling of incidents.
This course presents the guidelines for managing information security incidents provided by ISO/IEC 27035.
This international standard proposes a process that includes 5 phases:
- plan and prepare where plans and policies are developed, training and awareness are provided, the necessary resources are identified and made available, forms are established and organizational structures, such as the incident management team and the incident response team are set up;
- detect and report, where information security events are identified, reported;
- assess and decide, where incidents are categorized based on their impact on the organization and analyzed to determine the most suitable solutions for the response;
- respond, where the incident is contained first, then eradicated and in the end the systems and services affected by the incident are recovered; and
- learn lessons, where the organization uses the information collected while handling incidents to improve its process, its security controls and organizational processes.
A section of the course is dedicated to each of the five steps of the incident management process and along the way there are examples and case studies to make your learning journey more useful and pleasant.
By participating in this course you will understand the concepts and tools of incident management; you will learn about how to categorize and analyze information security incidents; you will improve your skills in the information security management field and you can confidently apply for a certification as incident manager.
You can use the information in this course to design or to improve your company's processes for managing information security incidents. You can use the course as support for your consulting services or for auditing purposes. Or, you can use this course as a method to advance your career in information security management.