SSCP Cert Prep: 4 Incident Response and Recovery

Learn the detailed information you need to prepare for the incident response and recovery domain of the SSCP exam.

Introduction

• Respond to incidents
• What you need to know
• Study resources

1. Incident Management

• Build an incident response program
• Creating an incident response team
• Incident communications plan
• Incident identification
• Escalation and notification
• Mitigation
• Containment techniques
• Incident eradication and recovery
• Validation
• Post-incident activities
• Incident response exercises

2. Investigations and Forensics

• Conducting investigations
• Evidence types
• Introduction to forensics
• System and file forensics
• Network forensics
• Software forensics
• Mobile device forensics
• Embedded device forensics
• Chain of custody
• Reporting and documenting incidents
• Electronic discovery (ediscovery)

3. Business Continuity

• Business continuity planning
• Business continuity controls
• High availability and fault tolerance

4. Disaster Recovery

• Disaster recovery overview
• Backups
• Restoring backups
• Disaster recovery sites
• Testing BC/DR plans
• After-action reports

5. Emergency Response

• Building an emergency response plan

Conclusion

• Continuing your studies