INF250x Planning a Security Incident Response 

About this course  

This course is part of the Microsoft Professional Program in Cybersecurity. 

This course is designed to help you manage an enterprise security incident, while avoiding common errors, increasing both the effectiveness and efficiency of your incident response efforts. 

What you'll learn 

After completing this course, students will be able to:  

• Effectively prioritize the response to a security incident
• Build a computer security incident response team (CSIRT)
• Develop an incident response action plan
• List appropriate post-incident activities 

Prerequisites

• A understanding of the current cybersecurity ecosystem. 

Course Syllabus 

Module 1  

• Introduction
• What is threat modelling?
• The need for incident response plans
• Assess vulnerabilities in your environment
• Establish routine monitoring and review of network traffic and system performance
• Log analysis 

Module 2  

• Incident Response Policy, Plan, and Procedure Creation
• Creation of a CSIRT
• Establish CSIRT team roles
• Establish governing policy 

Module 3  

• Initial assessment of incident
• Attack vectors
• What are false positives and false negatives?
• Determine the nature of the attack
• Identify the systems that have been compromised
• Choosing a containment strategy

 Module 4  

• Post-incident activity
• Protect the evidence while restoring functionality
• Recommendations and Lessons learned
• Security incident report 

Microsoft Verified Certificate 

For a small fee ($99), once you complete this course, you will receive a Microsoft authenticated Certificate of Completion. This will allow you to showcase your achievement and document your expertise. You will have permission to add the certificate to your resume or post it directly to LinkedIn. If your company has access to Microsoft Software Assurance Training vouchers, you can redeem one voucher for one certificate.