IT-Trainer Jobs und Stellenangebote: Certified SOC-Analyst (CSA)
Seminardauer: 3 Tage
Trainer gesucht
IT-Trainer Jobs und Stellenangebote: Certified SOC-Analyst (CSA), EC-Council, IT Security, IT-Security Spezialist.
Anmelden / Registrieren als Trainer
Agenda
SOC Essential Concepts
- Computer Network Fundamentals
- TCP/IP Protocol Suite
- Application Layer Protocols
- Transport Layer Protocols
- Internet Layer Protocols
- Link Layer Protocol
- IP Addressing and Port Numbers
- Network Security Controls
- Network Security Devices
- Windows Security
- Unix/Linux Security
- Web Application Fundamentals
- Information Security Standards, Laws and Acts
Security Operations and Management
- Security Management
- Security Operations
- Security Operations Center (SOC)
- Need of SOC
- SOC Capabilities
- SOC Operations
- SOC Workflow
- Components of SOC: People, Process and Technology
- People
- Technology
- Processes
- Types of SOC Models
- SOC Maturity Models
- SOC Generations
- SOC Implementation
- SOC Key Performance Indicators (KPI) and Metrics
- Challenges in Implementation of SOC
- Best Practices for Running SOC
- SOC vs NOC
Understanding Cyber Threats, IoCs, and Attack Methodology
- Cyber Threats
- Intent-Motive-Goal
- Tactics-Techniques-Procedures (TTPs)
- Opportunity-Vulnerability-Weakness
- Network Level Attacks
- Host Level Attacks
- Application Level Attacks
- Email Security Threats
- Understanding Indicators of Compromise (IoCs)
- Understanding Attacker’s Hacking Methodology
Incidents, Events, and Logging
- Incident
- Event
- Log
- Typical Log Sources
- Need of Log
- Logging Requirements
- Typical Log Format
- Logging Approaches
- Local Logging
- Centralized Logging
Incident Detection with Security Information and Event Management (SIEM)
- Security Information and Event Management(SIEM)
- Security Analytics
- Need of SIEM
- Typical SIEM Capabilities
- SIEM Architecture and Its Components
- SIEM Solutions
- SIEM Deployment
- Incident Detection with SIEM
- Examples of commonly Used Use Cases Across all SIEM deployments
- Handling Alert Triaging and Analysis
Enhanced Incident Detection with Threat Intelligence
- Understanding Cyber Threat Intelligence
- Why Threat Intelligence-driven SOC?
Incident Response
- Incident Response
- Incident Response Team (IRT)
- Where Does IRT Fits in the Organization?
- SOC and IRT Collaboration
- Incident Response (IR) Process Overview
- Step 1: Preparation for Incident Response
- Step 2: Incident Recording and Assignment
- Step 3: Incident Triage
- Step 4: Notification
- Step 5: Containment
- Step 6: Evidence Gathering and Forensic Analysis
- Step 7: Eradication
- Step 8: Recovery
- Step 9: Post-Incident Activities
- Responding to Network Security Incidents
- Responding to Application Security Incidents
- Responding to Email Security Incidents
- Responding to an Insider Incidents
- Responding to Malware incidents