CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response

Review incident response concepts and best practices as you prepare for the CySA+ (CS0-002) exam. Learn about classifying security incidents, conducting investigations, and more.

Introduction

• Incident response
• What you need to know
• Study resources

1. Assessing Incidents

• Identifying and classifying security incidents
• Threat classification
• Zero days and the advanced persistent threat
• Determining incident severity

2. Incident Response Process

• Build an incident response program
• Creating an incident response team
• Incident communications plan
• Incident identification
• Escalation and notification
• Mitigation
• Containment techniques
• Incident eradication and recovery
• Validation
• Post-incident activities

3. Indicators of Compromise

• Network symptoms
• Rogue access points and evil twins
• Endpoint symptoms
• Application symptoms

4. Forensic Investigations

• Conducting investigations
• Evidence types
• Introduction to forensics
• System and file forensics
• File carving
• Creating forensic images
• Digital forensics toolkit
• Operating system analysis
• Password forensics
• Network forensics
• Software forensics
• Mobile device forensics
• Embedded device forensics
• Chain of custody
• Ediscovery and evidence production

Conclusion

• Next steps