Phase2 Advantage  |  Phone: 912.335.2217  |  Email: info@phase2advantage.com

Certified Cyber Incident Response Manager

Course Description

Instructor-Led Classroom: Certified Cyber Incident Response Manager

As organizations continue to rely on expanding infrastructure in an increasingly hostile threat landscape, the escalation of incidents involving malicious actors poses critical risks to information systems and networks. The ability to identify threats, respond to incidents, restore systems, and enhance security postures is vital to the survival of the operation.

The Certified Cyber Incident Response Manager certification course brings Incident Response core competencies to advanced levels by presenting students with 16 detailed learning objectives. Students will be provided with the knowledge and the practical skills needed to investigate and respond to network and system incidents. With a specific focus on the identification and remediation of incidents involving host and network devices, students will cover topics such as Threat Intelligence Collection, Investigative Techniques, Creating Playbooks, and Malware Triage. Practical lab exercises utilize Wireshark, a packet capturing tool used in real-world investigations.

Course Outline and Learning Objectives

  • What Constitutes an Incident?
  • Technology as a Landscape for Crime
  • What is Incident Response?
  • The Incident Response Life Cycle
  • 7 Stages of the Attack Life Cycle
  • 10 Steps to Help Reduce Incidents
  • Cyber Adversaries vs. Cyber Defenders
  • Nation State vs. Non-Nation State Actors
  • Components of the Threat Landscape
  • Legal Challenges in Digital Investigations
  • Challenges to Cyber Crime Investigations
  • International Enforcement Challenges
  • Defining the Incident Response Mission
  • Internal Communication Procedures
  • External Communication Procedures
  • Incident Response Team Deliverables
  • Building a Field Forensic System
  • Preparing the Infrastructure
  • Time Zones and Investigative Timelines
  • Collecting Initial Facts
  • Incident Response Checklists
  • Maintaining Case Notes
  • Building an Attack Timeline
  • Vulnerability Program Essentials
  • Prioritizing Vulnerability and Risk
  • Rating Vulnerability Levels
  • Analyzing a Vulnerability Notification
  • Establishing an Efficient Workflow
  • Vulnerability Scanning Software
  • Baseline Measuring Objectives
  • Identifying Usage Patterns
  • Network Sensor Deployment
  • Statistical Monitoring
  • Header and Full Packet Logging
  • Network Monitoring Evaluation
  • Potential Signs of Compromise
  • The Case for Network Monitoring
  • Turning Leads into Indicators
  • The Life Cycle of Indicator Generation
  • Indicator of Compromise Verification
  • Event-Based Alert Monitoring
  • Understanding Elements of Proof
  • Incident Scene Management
  • Chain of Custody
  • The Purpose of Investigations
  • Investigative Interview Strategies
  • Documenting Interviews
  • Understanding the Maneuver Warfare Mindset
  • The Threat Intelligence Cycle
  • Intelligence Collection
  • Analysis and Production
  • Dissemination of Intelligence
  • Threat Intelligence Sources
  • Network Forensics vs. Digital Forensics
  • General Process for Performing Analysis
  • Available Data Sources
  • Outlining the Approach
  • Selection of Analysis Methods
  • Evaluating Analysis Results
  • Responsibilities of The First Responder
  • The Host Device Power State
  • Standard Windows Directory Structure
  • Locating Endpoint Data
  • The Windows Registry
  • The Importance of IoT Devices
  • When to Perform a Live Response
  • Live Response Challenges
  • Selecting a Live Response Tool
  • Data Collection Considerations
  • Common Live Response Data
  • Collection Best Practices
  • Malware Triage Concepts
  • Malware Handling Procedures
  • Malware Distribution and Documentation
  • Assessing Malicious Sites
  • Introduction to Static and Dynamic Analysis
  • Automated Analysis: Sandboxes
  • Effective Incident Remediation
  • Assigning a Remediation Owner
  • Remediation Posturing Actions
  • Eradication Plan Development
  • Plan Timing and Execution
  • Developing Strategic Recommendations
  • Introduction to Report Writing
  • Report Style and Formatting
  • General Analysis Report Formatting
  • Quality Assurance for Investigative Reports
  • Report Content and Organization
  • Documenting Lessons Learned
  • Response Playbook Components
  • Building a Response Playbook
  • Common Playbook Response Scenarios
  • Planning Table-Top Exercises
  • Planning Simulated Attacks
  • Sample Playbook: Unauthorized Access

Hard Copy Course Materials (Included)

Course Textbook
Course Lab Textbook

Exam Prep Guide
Course Workbook & Labs

Lab Images (if Applicable)
Domain Assessment Quizzes

CPE Credit Certificate
Certification Examination

Certification Examination

Phase2 Advantage Cyber Security Certification Examination

Upon completion of instructor-led classroom courses, students will be prepared to sit for the certification examination. The proctored examination will be offered at the conclusion of the final training day consisting of True/False, Multiple Choice, and Fill in the Blank questions.

Students will have two hours to complete a computer-based examination consisting of 100 questions. A score of 70% or higher is required to earn the certification. Upon successful completion of the exam, students will receive a hardcopy of their certification and a proctor validation document from the course instructor. Students will also receive a 40-hour CPE Certificate regardless of their exam score.

The examination is “closed book.” However, students will be allowed to use their notes on material presented during the course.  Students will be required to turn off and secure digital devices, remain in the classroom, and refrain from distracting actions while the examination is in progress.

Additional Information

LANGUAGE

DURATION

LABS

CPE CREDIT

COURSE FEE

English

5 Days

Yes

40 CPE Credits

$3,000

Certification Exam, Course Materials, and Daily Lunches Included in Course Fee.

All Phase2 Advantage cyber security certification courses taught in a classroom format are conducted at Savannah Technical College in Savannah, Georgia.

The colleges’ five campus locations – Savannah Campus, Liberty Campus, Effingham Campus, Crossroads Campus, and the Fort Stewart Army Education Center – are conveniently located near major hotels, restaurants, and the Savannah / Hilton Head International Airport. Attractions such as Historic Downtown Savannah, River Street, Crosswinds Golf Club, and the beaches of Tybee Island are just a short distance from the Savannah training campus.

The Certified Cyber Incident Response Manager course is a component of the career progression track that supports the required Categories, Specialty Areas and Work Roles as defined by the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework.

Contact Us:  912.335.2217

Certification Courses ● Training Quotes Available Discounts