YoVDO

CompTIA Cybersecurity Analyst+ (CySA+) (CS0-003) Cert Prep: 3 Incident Response and Management

Offered By: LinkedIn Learning

Tags

Cybersecurity Courses, Digital Forensics Courses, CompTIA CySA+ (Plus) Courses, Incident Response Courses, Disaster Recovery Courses, Business Continuity Courses, Forensic Analysis Courses, Cyber Kill Chain Courses, MITRE ATT&CK Courses

Course Description

Overview

Get the detailed information you need to prepare for the Incident Response and Management domain of the Cybersecurity Analyst+ (CySA+) exam.

Syllabus

Introduction
  • Incident response
  • What you need to know
  • Study resources
1. Incident Response Programs
  • Build an incident response program
  • Creating an incident response team
  • Incident communications plan
  • Incident identification
  • Escalation and notification
  • Mitigation
  • Containment techniques
  • Incident eradication and recovery
  • Validation
  • Post-incident activities
  • Incident response exercises
2. Attack Frameworks
  • MITRE ATT&CK
  • Diamond model of intrusion analysis
  • Cyber kill chain analysis
  • Testing guides
3. Incident Investigation
  • Logging security information
  • Security information and event management
  • Cloud audits and investigations
4. Forensic Techniques
  • Conducting investigations
  • Evidence types
  • Introduction to forensics
  • System and file forensics
  • File carving
  • Creating forensic images
  • Digital forensics toolkit
  • Operating system analysis
  • Password forensics
  • Network forensics
  • Software forensics
  • Mobile device forensics
  • Embedded device forensics
  • Chain of custody
  • Ediscovery and evidence production
5. Business Continuity
  • Business continuity planning
  • Business continuity controls
  • High availability and fault tolerance
6. Disaster Recovery
  • Disaster recovery
  • Backups
  • Restoring backups
  • Disaster recovery sites
  • Testing BC/DR plans
  • After-action reports
Conclusion
  • Continuing your studies

Taught by

Mike Chapple

Related Courses

Advanced Cyber Threat Intelligence
LinkedIn Learning
Cisco Certified CyberOps Associate (200-201) Cert Prep: 5 Security Policies and Procedures
LinkedIn Learning
Cybersecurity Foundations
LinkedIn Learning
Ethical Hacking: Introduction to Ethical Hacking
LinkedIn Learning
Ethical Hacking with JavaScript
LinkedIn Learning