ECIH – EC-Council Certified Incident Handler

1 Step 1

Durasi Pelatihan : 2 Hari

Deskripsi Pelatihan

ECIH – EC-Council Certified Incident Handler didesain untuk memberikan keterampilan dasar untuk menangani dan merespon insiden keamanan komputer dalam sebuah sistem informasi. Pelatihan ini bertujuan untuk memberikan prinsip dan teknik untuk mendeteksi dan menanggapi kondisi saat ini dan menyelasikan ancaman keamanan komputer. Peserta pelatihan akan mempelajari bagaimana untuk menangani berbagai macam insiden, asesmen risiko metodologi, dan berbagai kebijakan dan hukum terkait penanganan insiden. Setelah mengikuti pelatihan ini, peserta akan mampu menciptakan penanganan insiden dan menanggapi kebijakan untuk berurusan dengan berbagai macam ancaman keamanan komputer. Dengan pelatihan yang komprehensif maka peserta akan mampu menanggapi berbagai macam insiden keamanan seperti insiden keamanan jaringan, insiden yang tidak dikenal, dan ancaman penyerangan dalam jaringan internal.

Sebagai tambahan, peserta pelatihan juga akan mempelajari tentang forensik dan peranannya dalam penanganan dan menanggapi insiden. Pelatihan ini juga akan meliputi tim tanggap insiden, metode pelaporan insiden, dan teknik pemulihan insiden secara detil.

Tujuan Training

Setelah mengikuti pelatihan ini, para peserta diharapkan mampu memahami Penanganan Masalah yang ada dalam IT

Target Peserta Pelatihan

Risk Assessment Administrators
Penetration Testers
Venerability Assessment Auditors
System Engineers
Incident Handlers
Cyber Forensic Investigators
System Administrators
Firewall Administrators
IT Managers
Network Managers
IT Professionals interested in learning more about incident handling

Prasarat Peserta Pelatihan

Peserta harus sudah mengikuti Pelatihan keamanan dan sudah memiliki paling tidak pengalaman dalam bidang keamanan komputer minimal 2 tahun

Garis Besar Pelatihan

Overview of Incident Response and Handling

Statistics on Cyber Incidents
Computer Security (CS)
Business Assets – Information
Classifying Data
Common Terms
Information Warfare
Key Theories For Information Security
Vulnerability, Threat, and Attack
CS Incident Types and Examples
Incidents and Disaster Recovery Plans
Common Signals of an Incident
Low, Middle and High Level Categories of Incidents
Prioritization
Response and Handling
Technologies for Disaster Recovery
Virtualization’s Impact
Incident Costs
Reporting
Vulnerability Resources

Risk Assesments

Overview of Risk
Policies and Assessment
Method for Risk Assessment by NIST
Assessing Workplace Risk
Strategies for Analyzing and Mitigating Risk
Cost/Benefit Analysis
Method for Control Implementation by NIST
Residual Risk
Tools for Managing Risk

Steps for Incident Response and Handling

Identifying and Handling an Incident
Need for and Goals of Incident Response
Creating an Effective Plan for Incident Response
17 Steps for Incident Response and Handling
Training and Creating Awareness
Security Training and Awareness Checklist
Managing Incidents
Incident Response Team
Interrelationship Between Incident Response, Handling, and Management
Common Best Practices and Policy
Creating a Checklist
RTIR – Incident Handling System
RPIER – 1st Responder Framework

CSIRT

Computer Security Incident Response Team (CSIRT)
Purpose of an IRT
Goals, Strategy and Vision of a CSIRT
CSIRT – Common Names
Mission Statement
Constituency and CSIRT’s Place within an Organization
Peer Relationship
Environment Types for CSIRT
Creating a CSIRT
Team Roles
Services, Policies and Procedures
Handling a Case and the Incident Report Form
Techniques for Tracking and Reporting
CERT
CERT-CC
CERT(R) Coordination Center: Incident Reporting Form
CERT:OCTAVE
World CERTs
IRTs Around the World

Handling Incidents with Network Security

DoS and DDoS Incidents
Detecting a DoS Attack
Preparing for a DoS Attack and How to Handle It
Incidents of Unauthorized Access
Incidents of Inappropriate Usage
Incidents with Many Components
Tools for Monitoring Network Traffic
Tools for Auditing the Network
Network Protection Tools

Malicious Code Incidents

Malware Samples Count
Viruses, Worms, Trojans and Spywares
Preparing for Incident Handling
Incident Prevention
Detection of Malware
Creating a Strategy for Containment
Gathering and Handling Evidence
Eradication and Recovery
Recommendations
Antivirus Systems

Insider Threats

Overview and Anatomy of an Insider Attack
Risk Matrix
Detecting and Responding to Insider Threats
Insider’s Incident Response Plan
Common Guidelines for Threat Detection and Prevention
Tools for Monitoring Employees

Forensic Analysis and Incident Response

Computer Forensics
Objectives and Role of Forensic Analysis
Forensic Readiness And Business Continuity
Forensic Types
Computer Forensic Investigators and the Investigation Process
Overview and Characteristics of Digital Evidence
Overview and Challenges of Collecting Evidence
Forensic Policy
Forensics in the IS Life Cycle
Guidelines and Tools for Forensic Analysis

Incident Reporting

Overview of Incident Reporting and Why You Should Report Any Incidents
Why Many Organizations Don’t Report
Creating the Report and Where to Send It
Preliminary Reporting Form
CERT Incident Reference Numbers
Incorporating Contact Information
Host Summary and Activity Description
Log Extracts
Time Zone
Incident Categories
Organizations to Report Computer Incident
Guidelines to Follow
Sample Reporting Forms

Incident Recovery

Overview of Incident Recovery and Common Principles
Steps for Recovery
Contingency and Continuity of Operations Planning
Business Continuity Planning
Incident Recovery Plans and the Planning Process

Security Laws and Policies

Introduction to and the Key Pieces of a Security Policy
Common Policy Goals and Characteristics
Designing and Implementing a Security Policy
Acceptable Use Policy (AUP)
Access and Asset Control Policies
Audit Trail
Logging
Documenting
Collecting and Preserving Evidence
Information Security
NIACAP Policy
Physical Security Guidelines and Policies
Personnel Security Guidelines and Policies
Law and Incident Handling
Laws and Acts
IP Laws