CISM Cert Prep: 4 Information Security Incident Management

Study for the Incident Management domain of the CISM certification exam, which tests your ability to identify, triage, and resolve security incidents.

Introduction

• Incident management
• What you need to know
• Study resources

1. Incident Response

• Role of a manager in incident response
• Creating an incident response team

2. Assessing Incidents

• Identifying and classifying security incidents
• Threat classification
• Zero days and the advanced persistent threat
• Determining incident severity

3. Incident Response Process

• Build an incident response program
• Incident communications plan
• Incident identification
• Escalation and notification
• Mitigation
• Containment techniques
• Incident eradication and recovery
• Validation
• Post-incident activities
• Incident response exercises

4. Incident Symptoms

• Network symptoms
• Rogue access points and evil twins
• Endpoint symptoms
• Application symptoms

5. Forensic Investigations

• Conducting investigations
• Evidence types
• Introduction to forensics
• System and file forensics
• File carving
• Creating forensic images
• Digital forensics toolkit
• Operating system analysis
• Password forensics
• Network forensics
• Software forensics
• Mobile device forensics
• Embedded device forensics
• Chain of custody
• Ediscovery and evidence production
• Exploitation frameworks

6. Logging and Monitoring

• Security information and event management
• Continuous security monitoring

Conclusion

• Continuing your studies