Risk Identification, Monitoring, and Analysis: In the Risk Identification, Monitoring, and Analysis session, you will learn how to identify, measure, and control losses associated with adverse events. You will review, analyze, select, and evaluate safeguards for mitigating risk.You will learn processes for collecting information, providing methods of identifying security events, assigning priority levels, taking the appropriate actions, and reporting the findings to the correct individuals. After collection of the details from monitoring, we can analyze to determine if the system is being operated in accordance with accepted industry practices, and in compliance with organization policies and procedures.
Incident Response and Recovery: In the Incident Response and Recovery Session, you will gain an understanding of how to handle incidents using consistent, applied approaches in order to resolve. Once an incident is identified, action will be necessary in order to resolve. We will examine processes such as damage recovery, data integrity and preservation, and the collection, handling, reporting, and prevention. You will be introduced to the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) concepts and how they can be utilized in order to mitigate damages, recover business operations, and avoid critical business interruption. Through the use of the DRP, you will understand the procedures for emergency response and post-disaster recovery.
Course Objectives
1. Describe the risk management process
2. Perform security assessment activities
3. Describe processes for operating and maintaining monitoring systems
4. Identify events of interest
5. Describe the various source systems
6. Interpret reporting findings from monitoring results
7. Describe the incident handling process
8. Contribute to the incident handling process based upon role within the organization
9. Describe the supporting role in forensics investigation processes
10. Describe the supporting role in the business continuity planning process
11. Describe the supporting role in the disaster recovery planning process
Этот курс входит в специализацию ''Специализация (ISC)² Systems Security Certified Practitioner (SSCP) '
Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery
от партнера
Программа курса: что вы изучите
Неделя
1Understand the Risk Management Process
Module Topic: Risk Visibility and Reporting, Risk management Concepts, Risk Assessment, Risk Treatment, Audit Findings. In Risk visibility and Reporting, you will learn about risk register, creating a risk register, risk register, and risk management steps. In Risk Management Concepts, you will learn about, key terms, and generic risk model with key factors - NIST SP 800-30 R1. In risk Assessment, you will learn about NIST SP 800- 30 R1 risk assessment methodology, Step 1. prepare for the assessment, Step 2. conduct the assessment, Step 2a. identify threat sources, step 2b. identify potential threat events, step 2c. identify vulnerabilities and predisposing conditions, step 2d. determine likelihood, step 2e. determine impact, step 2f. risk determination, risk level matrix, risk levels, step 3. communicating and sharing risk assessment information, step 4. maintaining the risk assessment, and risk assessment activity. In Risk Treatment, you will learn about, risk mitigation, example control: passwords, control selection, residual risk, risk transference, risk avoidance, and risk acceptance. In audit Findings, you will learn about auditors, types of audits, audit methodologies, auditor responsibilities, audit scope, documentation, and response to audit.
14 videos (Total 84 min), 14 материалов для самостоятельного изучения, 1 тест
14 видео
Risk Management Process: Creating a Risk Register7мин
Risk Management Process: Risk Register Risk Management Steps8мин
Risk Management Process: Key Terms5мин
Risk Management Process: Key Terms6мин
Risk Management Process: Risk Assessment3мин
Risk Management Process: Preparation Steps7мин
Risk Management Process: Step 2b4мин
Risk Management Process: Quantitative Analysis8мин
Risk Management Process: Qualitative Analysis5мин
Risk Management Process: Step 33мин
Risk Management Process: Risk Treatment5мин
Risk Management Process: Risk Avoidance5мин
Risk Management Process: Type of Audits7мин
14 материала для самостоятельного изучения
Risk Management Process: Risk Visibility and Reporting10мин
Risk Management Process: Creating a Risk Register10мин
Risk Management Process: Risk Register Risk Management Steps10мин
Risk Management Process: Key Terms10мин
Risk Management Process: Key Terms10мин
Risk Management Process: Risk Assessment10мин
Risk Management Process: Preparation Steps10мин
Risk Management Process: Step 2b10мин
Risk Management Process: Quantitative Analysis10мин
Risk Management Process: Qualitative Analysis10мин
Risk Management Process: Step 310мин
Risk Management Process: Risk Treatment10мин
Risk Management Process: Risk Avoidance10мин
Risk Management Process: Type of Audits10мин
1 практическое упражнение
Quiz 120мин
Неделя
2Perform Security Assessment Activities
Module Topics: Participate in Security and Test Results, Penetration Testing. In Participate in Security and Test Results, you will learn about vulnerability scanning and analysis, vulnerability testing software categories, vulnerability testing qualities, potential problems, host scanning, host security considerations, traffic types, security gateway types, wireless networking testing, potential security issues, searching for rogue access points, locking down the enterprise, wireless tools, war dialing, and war driving. In Penetration Testing you will learn about penetration testing modes, white box / hat, gray box / hat, black box / hat, phase 1: preparation, reporting, phase 2: reconnaissance and network mapping techniques, reconnaissance, social engineering and low-tech reconnaissance, whois attacks, DNS zone transfers, network mapping, network mapping techniques, firewalking, basic built-in tools, phase 3: information evaluation and risk analysis, phase 4: active penetration, phase 5: analysis and reporting, penetration testing high-level steps.
11 videos (Total 73 min), 11 материалов для самостоятельного изучения, 1 тест
11 видео
Security Assessment Activities: Potential Problems6мин
Assessment Activities: Security Gateway Types5мин
Security Assessment Activities: Potential Security Issues6мин
Security Assessment Activities: Penetration Testing6мин
Security Assessment Activities: White Box / Hat8мин
Security Assessment Activities: Reconnaissance4мин
Security Assessment Activities: DNS Zone Transfers7мин
Security Assessment Activities: Network Mapping Techniques9мин
Security Assessment Activities: Firewalking6мин
Security Assessment Activities: Active Penetration6мин
11 материала для самостоятельного изучения
Security Assessment Activities: Participate in Security and Test Results10мин
Security Assessment Activities: Potential Problems10мин
Assessment Activities: Security Gateway Types10мин
Security Assessment Activities: Potential Security Issues10мин
Security Assessment Activities: Penetration Testing10мин
Security Assessment Activities: White Box / Hat10мин
Security Assessment Activities: Reconnaissance10мин
Security Assessment Activities: DNS Zone Transfers10мин
Security Assessment Activities: Network Mapping Techniques10мин
Security Assessment Activities: Firewalking10мин
Security Assessment Activities: Active Penetration10мин
1 практическое упражнение
Quiz 220мин
Неделя
3Operate and Maintain Monitoring Systems & Analyze and Report Monitoring Results
Module Topics: Events of Interest, Logging, source Systems, Security Analytics, metrics, and Trends, Visualization, Event Data Analysis, Communication of Findings. In Events of Interest you will learn about, monitoring terminology, Intrusion Detection System (IDS)/Intrusion Prevention System (IPS), comparing IDS and IPS, types of IDS/IPS devices, deploying HIDS and NIDS, implementation issues for monitoring, monitoring control, other considerations, sample questions to consider, collecting data for incident response, monitoring response techniques, attackers, attacker motivations, intrusions, events, types of monitoring, and file integrity checkers, continuous/compliance monitoring. In Logging, you will learn about reviewing host logs, reviewing incident logs, log anomalies, log management, clipping levels, filtering, log consolidation, log retention, centralized logging (syslog and log aggregation), syslog, distributed log collectors, hosted logging services, configuring event sources (s-flow, NetFlow, sniffer), Cosco NetFlow, What is an IP Flow, IP packet attributes, understanding network behavior, how to access the data produced by NetFlow, How does the router or switch determine which flows to export to the NetFlow collector server, format of the export data, sFlow, event correlation systems (security, information, and event management (SIEM)), SIEM functions, compliance, enhanced network security and improved IT/security operations, and full packet capture. In Source System, you will learn about comprehensive application, middleware, OS, and infrastructure monitoring, hyper capabilities, and operations manager. Analyze and Report Monitoring: In Security Analytics, Metrics, and Trends, you will learn about security baseline, network security baseline, metrics and analysis (MA), systems security engineering capability maturity model (SSE-CMM), and potential metrics. In visualization topic, you will learn about data visualization tools. In Event Data Analysis, you will learn about logs, log management, log management recommendations, and Potential uses of server log data. In Communication of Findings, you will learn about checklist for report writers and reviewers.
12 videos (Total 75 min), 12 материалов для самостоятельного изучения, 1 тест
12 видео
Monitoring Systems: IDS/IPS5мин
Monitoring Systems: Implementation Issues for Monitoring6мин
Maintain Monitoring Systems: Sample Questions6мин
Maintain Monitoring Systems: Attacker Motivations7мин
Maintain Monitoring Systems: Logging5мин
Maintain Monitoring Systems: Log Anomalies5мин
Maintain Monitoring Systems: Log Retention6мин
Monitoring Systems: Compliance6мин
Monitoring Results: Security Baseline6мин
Monitoring Results: SSE-CMM6мин
Monitoring Results: Potential Uses of Server Log Data6мин
12 материала для самостоятельного изучения
Monitoring Systems: Monitoring Terminology10мин
Monitoring Systems: IDS/IPS10мин
Monitoring Systems: Implementation Issues for Monitoring10мин
Maintain Monitoring Systems: Sample Questions10мин
Maintain Monitoring Systems: Attacker Motivations10мин
Maintain Monitoring Systems: Logging10мин
Maintain Monitoring Systems: Log Anomalies10мин
Maintain Monitoring Systems: Log Retention10мин
Monitoring Systems: Compliance10мин
Monitoring Results: Security Baseline10мин
Monitoring Results: SSE-CMM10мин
Monitoring Results: Potential Uses of Server Log Data10мин
1 практическое упражнение
Quiz 320мин
Неделя
4Incident Response and Recovery
Module Topics: Preparation, Detection and Analysis, Containment, Eradication, and Recovery, Post-Incident Activity, Implementation of Countermeasures. In Introduction, you will learn about incident response, and basic definitions. In preparation, you will learn about elements of an incident response policy, incident response plan, training, incident response tools, communication planning, communication with law enforcement, media, requirements for effective incident handling, the incident response team, core team areas, centralized and decentralized teams, team structure, team conditions that support success, and other considerations. In Detection and Analysis, you will learn about Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), types of intrusion systems, intrusion detection techniques, false positives and false negatives, anti-malware systems, security information event management (SIEM), Incident analysis, packet sniffers, Inline SSL decryption devices, incident documentation, records, assessing risk, response, containment strategy considerations, Delaying containment, areas of focus, defining an incident, triage, and notification. In Containment, Eradication, and Recovery, you will learn about common containment activities, and eradication. In post-incident activity, you will learn about effective incident response. In implementation of Countermeasures, you will learn about implementation steps.
13 videos (Total 77 min), 13 материалов для самостоятельного изучения, 1 тест
13 видео
Incident Handling: Preparation6мин
Incident Handling: Training6мин
Incident Handling: Communication Planning7мин
Incident Handling: The Incident Response Team7мин
Incident Handling: IDS and IPS4мин
Incident Handling: Intrusion Detection Techniques7мин
Incident Handling: Anti-Malware Systems2мин
Incident Handling: Packet Sniffers6мин
Incident Handling: SSL Decryption Devices4мин
Incident Handling: Records6мин
Incident Handling: Delaying Containment6мин
Incident Handling: Containment, Eradication, and Recovery4мин
13 материала для самостоятельного изучения
Incident Handling: Incident Response10мин
Incident Handling: Preparation10мин
Incident Handling: Training10мин
Incident Handling: Communication Planning10мин
Incident Handling: The Incident Response Team10мин
Incident Handling: IDS and IPS10мин
Incident Handling: Intrusion Detection Techniques10мин
Incident Handling: Anti-Malware Systems10мин
Incident Handling: Packet Sniffers10мин
Incident Handling: SSL Decryption Devices10мин
Incident Handling: Records10мин
Incident Handling: Delaying Containment10мин
Incident Handling: Containment, Eradication, and Recovery10мин
1 практическое упражнение
Quiz 420мин
Преподаватель
(ISC)² Education & Training
Education & Training
О (ISC)²
(ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)2 offers a portfolio of credentials that are part of a holistic, programmatic approach to security. www.isc2.org
О специализации ''(ISC)² Systems Security Certified Practitioner (SSCP) '
Pursue better IT security job opportunities and prove knowledge with confidence. The SSCP Professional Training Certificate shows employers you have the IT security foundation to defend against cyber attacks – and puts you on a clear path to earning SSCP certification.
Learn on your own schedule with 120-day access to content aligned with the latest (ISC)2 SSCP exam domains. We’re offering the complete online self-paced program for only $1,000 – a $200 savings when you get all domains bundled together.
3 Steps to Career Advancement
1. Register for the course
2. Gain access for 120 days
3. Register and sit for the SSCP certification exam
Upon completing the SSCP Professional Certificate, you will:
1. Complete six courses of preparing you to sit for the Systems Security Certified Practitioner (SSCP) certification exam as outlined below.
Course 1 - Access Controls
Course 2 - Security Operations and Administration
Course 3 - Risk Identification, Monitoring, and Analysis/Incident Response and Recovery
Course 4 - Cryptography
Course 5 - Network and Communication Security
Course 6 - Systems and Application Security
2. Receive a certificate of program completion.
3. Understand how to implement, monitor and administer an organization’s IT infrastructure in accordance with security policies and procedures that ensure data confidentiality, integrity and availability.
Часто задаваемые вопросы
Можно ли ознакомиться с курсом до регистрации?
Да, до регистрации можно просмотреть первое видео и программу курса. Чтобы получить полный доступ к материалам курса, необходимо оплатить его.
Когда я получу доступ к лекциям и заданиям?
Регистрируясь на курс до начала сессии, вы получаете доступ ко всем видеолекциям и материалам для самостоятельного изучения. Задания можно отправлять после начала сессии.
Что я получу, зарегистрировавшись на курс?
После регистрации на курс и начала сессии вы получаете доступ ко всем видео и другим ресурсам курса, включая материалы для самостоятельного изучения и форумы обсуждений. Вы сможете выполнять тренировочные, а также сдавать обязательные оцениваемые задания и получить сертификат о прохождении курса.
Когда я получу сертификат о прохождении курса?
Если вы успешного пройдете курс, на странице ваших достижений появится электронный сертификат, который можно распечатать или прикрепить к профилю LinkedIn.
Почему я не могу прослушать этот курс?
Это один из немногих курсов на Coursera, которые предоставляются только на платной основе. Если вы хотите пройти этот курс, но не можете его оплатить, подайте заявление на получение финансовой помощи.
Какие правила возврата средств?
How long does it take to complete the course?
The course schedule contains approximately 21 hours of content material covering lectures, reading materials, a case study, and quizzes broken up over the course of 7 weeks
Остались вопросы? Посетите Центр поддержки учащихся.
Coursera делает лучшее в мире образование доступным каждому, предлагая онлайн-курсы от ведущих университетов и организаций.
© Coursera Inc., 2018 Все права защищены.
