EC-Council Certified Incident Handler didesain untuk memberikan keterampilan dasar untuk menangani dan merespon insiden keamanan komputer dalam sebuah sistem informasi. Pelatihan ini bertujuan untuk memberikan prinsip dan teknik untuk mendeteksi dan menanggapi kondisi saat ini dan menyelasikan ancaman keamanan komputer. Peserta pelatihan akan mempelajari bagaimana untuk menangani berbagai macam insiden, asesmen risiko metodologi, dan berbagai kebijakan dan hukum terkait penanganan insiden. Setelah mengikuti pelatihan ini, peserta akan mampu menciptakan penanganan insiden dan menanggapi kebijakan untuk berurusan dengan berbagai macam ancaman keamanan komputer. Dengan pelatihan yang komprehensif maka peserta akan mampu menanggapi berbagai macam insiden keamanan seperti insiden keamanan jaringan, insiden yang tidak dikenal, dan ancaman penyerangan dalam jaringan internal.
Sebagai tambahan, peserta pelatihan juga akan mempelajari tentang forensik dan peranannya dalam penanganan dan menanggapi insiden. Pelatihan ini juga akan meliputi tim tanggap insiden, metode pelaporan insiden, dan teknik pemulihan insiden secara detil.
Sertifikasi
Peserta akan mendapatkan sertifikasi Certified Incident Handler dengan mengikuti pelatihan & exam.
Tujuan Training
- Setelah mengikuti pelatihan ini, para peserta diharapkan mampu memahami Penanganan Masalah yang ada dalam IT.
Garis Besar Pelatihan
- Overview of Incident Response and Handling
- Statistics on Cyber Incidents
- Computer Security (CS)
- Business Assets – Information
- Classifying Data
- Common Terms
- Information Warfare
- Key Theories For Information Security
- Vulnerability, Threat, and Attack
- CS Incident Types and Examples
- Incidents and Disaster Recovery Plans
- Common Signals of an Incident
- Low, Middle and High Level Categories of Incidents
- Prioritization
- Response and Handling
- Technologies for Disaster Recovery
- Virtualization’s Impact
- Incident Costs
- Reporting
- Vulnerability Resources
- Risk Assesments
- Overview of Risk
- Policies and Assessment
- Method for Risk Assessment by NIST
- Assessing Workplace Risk
- Strategies for Analyzing and Mitigating Risk
- Cost/Benefit Analysis
- Method for Control Implementation by NIST
- Residual Risk
- Tools for Managing Risk
- Steps for Incident Response and Handling
- Identifying and Handling an Incident
- Need for and Goals of Incident Response
- Creating an Effective Plan for Incident Response
- 17 Steps for Incident Response and Handling
- Training and Creating Awareness
- Security Training and Awareness Checklist
- Managing Incidents
- Incident Response Team
- Interrelationship Between Incident Response, Handling, and Management
- Common Best Practices and Policy
- Creating a Checklist
- RTIR – Incident Handling System
- RPIER – 1st Responder Framework
- CSIRT
- Computer Security Incident Response Team (CSIRT)
- Purpose of an IRT
- Goals, Strategy and Vision of a CSIRT
- CSIRT – Common Names
- Mission Statement
- Constituency and CSIRT’s Place within an Organization
- Peer Relationship
- Environment Types for CSIRT
- Creating a CSIRT
- Team Roles
- Services, Policies and Procedures
- Handling a Case and the Incident Report Form
- Techniques for Tracking and Reporting
- CERT
- CERT-CC
- CERT(R) Coordination Center: Incident Reporting Form
- CERT:OCTAVE
- World CERTs
- IRTs Around the World
- Handling Incidents with Network Security
- DoS and DDoS Incidents
- Detecting a DoS Attack
- Preparing for a DoS Attack and How to Handle It
- Incidents of Unauthorized Access
- Incidents of Inappropriate Usage
- Incidents with Many Components
- Tools for Monitoring Network Traffic
- Tools for Auditing the Network
- Network Protection Tools
- Malicious Code Incidents
- Malware Samples Count
- Viruses, Worms, Trojans and Spywares
- Preparing for Incident Handling
- Incident Prevention
- Detection of Malware
- Creating a Strategy for Containment
- Gathering and Handling Evidence
- Eradication and Recovery
- Recommendations
- Antivirus Systems
- Insider Threats
- Overview and Anatomy of an Insider Attack
- Risk Matrix
- Detecting and Responding to Insider Threats
- Insider’s Incident Response Plan
- Common Guidelines for Threat Detection and Prevention
- Tools for Monitoring Employees
- Forensic Analysis and Incident Response
- Computer Forensics
- Objectives and Role of Forensic Analysis
- Forensic Readiness And Business Continuity
- Forensic Types
- Computer Forensic Investigators and the Investigation Process
- Overview and Characteristics of Digital Evidence
- Overview and Challenges of Collecting Evidence
- Forensic Policy
- Forensics in the IS Life Cycle
- Guidelines and Tools for Forensic Analysis
- Incident Reporting
- Overview of Incident Reporting and Why You Should Report Any Incidents
- Why Many Organizations Don’t Report
- Creating the Report and Where to Send It
- Preliminary Reporting Form
- CERT Incident Reference Numbers
- Incorporating Contact Information
- Host Summary and Activity Description
- Log Extracts
- Time Zone
- Incident Categories
- Organizations to Report Computer Incident
- Guidelines to Follow
- Sample Reporting Forms
- Incident Recovery
- Overview of Incident Recovery and Common Principles
- Steps for Recovery
- Contingency and Continuity of Operations Planning
- Business Continuity Planning
- Incident Recovery Plans and the Planning Process
- Security Laws and Policies
- Introduction to and the Key Pieces of a Security Policy
- Common Policy Goals and Characteristics
- Designing and Implementing a Security Policy
- Acceptable Use Policy (AUP)
- Access and Asset Control Policies
- Audit Trail
- Logging
- Documenting
- Collecting and Preserving Evidence
- Information Security
- NIACAP Policy
- Physical Security Guidelines and Policies
- Personnel Security Guidelines and Policies
- Law and Incident Handling
- Laws and Acts
- IP Laws
Siapa Yang Perlu Hadir?
- Risk Assessment Administrators
- Penetration Testers
- Venerability Assessment Auditors
- System Engineers
- Incident Handlers
- Cyber Forensic Investigators
- System Administrators
- Firewall Administrators
- IT Managers
- Network Managers
- IT Professionals interested in learning more about incident handling
Prasyarat Peserta
Pelatihan ini disarankan untuk peserta yang memiliki pengetahuan dan keahlian antara lain:
- Peserta harus sudah mengikuti Pelatihan keamanan dan sudah memiliki paling tidak pengalaman dalam bidang keamanan komputer minimal 2 tahun.
Durasi Pelatihan
2 Hari