Instructor: cirosec consultant
Duration: 1 day - January 26, 2021
This whole-day seminar addresses current methods of incident handling and incident response as a preparation for possible future incidents.
Before a forensic investigation can take place, the incident first has to be identified as such. For this purpose, both technical and organizational means and processes must be applied. The detection is followed by a direct reaction in the form of incident response, which tries to capture the incident and process it for the subsequent forensic investigation. The ISO 27035 standard provides a guideline for the detection and handling of security incidents. In practice, however, this framework only provides the basis for a company’s individual regulations and processes. Most of the times, a close link with the (IT) security management, the IT and other areas such as the human resources and legal departments as well as employee representations is essential. Depending on the type of incident, contacts to authorities or the police are also required.
During the seminar, we will first go into how a security incident can be detected: both technical possibilities for the detection of potential security incidents on endpoints and in the network will be discussed and organizational measures presented. We will then demonstrate how using the ISO 27035 standard can ensure a systematic approach to handling an incident. Additional requirements for KRITIS-relevant companies will be considered as well.
Building on this, we will use example cases to explain in detail the correct procedure in case a hacker intrusion, data abuse, data theft or data deletion is suspected or in case of unauthorized use of corporate communication options.
After completing the seminar, the participants will not only know how to establish an incident response process in an enterprise and develop it further but also what requirements have to be met regarding the collection, storage and evaluation of digital traces as evidence.
- ISO 27035 standard as a guideline for incident response
- Prerequisites for incident response
- Organizational conditions for incident response
- Incident handling process
- Specifics and reporting obligations relating to KRITIS
- Preparations for forensic investigations and threat hunting
Target group: Security managers, CERTs, company investigators
Requirement: Basic IT knowledge; knowledge of attacking possibilities and hacking techniques is an advantage
Price: € 995
Date: January 26, 2021