YoVDO

Enterprise Security Case Management

Offered By: Cybrary


Course Description

Overview

Improper case management can lead to adverse outcomes and significantly increase the time it takes a security team to detect or respond to active threats in an enterprise environment. If and when security cases result in litigation, it is vital that the case management processes and workflows followed be unimpeachable, and that as much relevant, reliable information as possible is captured before, during, and after executing a case.

Security of the evidence and related data is equally important: leaving them vulnerable undermines their integrity. This course will teach you concepts such as chain of custody, secure evidence and data storage, why data retention, destruction, and backup are necessary considerations, as well as the best methods for capturing contemporaneous notes.

Prerequisites

  • Knowledge of incident response and handling methodologies (e.g., NIST)
  • Knowledge of the CIA triad
  • Knowledge of security principles such as least privilege and ‘need to know’
  • Experience identifying and remediating security events and incidents
  • Knowledge of SIEM and SOAR tools is also beneficial

Course Goals

By the end of this course, students should be able to:

  • Create and complete chain of custody and examination forms
  • Determine how and where to securely store case evidence and related data
  • Determine the best data retention, destruction, and backup procedures for their organization
  • Write comprehensive contemporaneous notes and capture information relevant to security cases

Syllabus

  • Introduction
    • Introduction
  • Core Concepts
    • Case/Evidence Naming Conventions
    • Chain of Custody
    • Capturing Evidence Metadata
    • Contemporaneous Notes
  • Evidence and Case Data Storage
    • Logical Storage
    • Physical Storage
    • Data Retention
    • Data Destruction
    • Data Backup
  • Workflow and Managing Cases
    • Priority and Severity
    • Deadlines and Service Level Agreements
    • Escalation
  • Assigning Access
    • Case Management CIA Triad
  • Conclusion
    • Course Summary
  • Course Assessment
    • Course Assessment - Enterprise Security Case Management

Taught by

Seth Enoka
