(ISC)² Education & Training

Risk Identification, Monitoring, and Analysis: In the Risk Identification, Monitoring, and Analysis session, you will learn how to identify, measure, and control losses associated with adverse events. You will review, analyze, select, and evaluate safeguards for mitigating risk. You will learn processes for collecting information, providing methods of identifying security events, assigning priority levels, taking the appropriate actions, and reporting the findings to the correct individuals. After collecting the details from monitoring, we can analyze them to determine whether the system is being operated in accordance with accepted industry practices and in compliance with organization policies and procedures.


Incident Response and Recovery: In the Incident Response and Recovery session, you will gain an understanding of how to handle incidents using consistent, applied approaches in order to resolve them. Once an incident is identified, action will be necessary in order to resolve it. We will examine processes such as damage recovery, data integrity and preservation, and the collection, handling, reporting, and prevention. You will be introduced to the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) concepts and how they can be utilized in order to mitigate damages, recover business operations, and avoid critical business interruption. Through the use of the DRP, you will understand the procedures for emergency response and post-disaster recovery.

Course Objectives

1. Describe the risk management process

2. Perform security assessment activities

3. Describe processes for operating and maintaining monitoring systems

4. Identify events of interest

5. Describe the various source systems

6. Interpret reporting findings from monitoring results

7. Describe the incident handling process

8. Contribute to the incident handling process based upon role within the organization

9. Describe the supporting role in forensics investigation processes

10. Describe the supporting role in the business continuity planning process

11. Describe the supporting role in the disaster recovery planning process


What's inside

Syllabus

Understand the Risk Management Process
Module Topics: Risk Visibility and Reporting, Risk Management Concepts, Risk Assessment, Risk Treatment, Audit Findings. In Risk Visibility and Reporting, you will learn about risk register, creating a risk register, risk register, and risk management steps. In Risk Management Concepts, you will learn about key terms and the generic risk model with key factors (NIST SP 800-30 R1). In Risk Assessment, you will learn about the NIST SP 800-30 R1 risk assessment methodology: Step 1, prepare for the assessment; Step 2, conduct the assessment; Step 2a, identify threat sources; Step 2b, identify potential threat events; Step 2c, identify vulnerabilities and predisposing conditions; Step 2d, determine likelihood; Step 2e, determine impact; Step 2f, risk determination, risk level matrix, and risk levels; Step 3, communicating and sharing risk assessment information; Step 4, maintaining the risk assessment; and a risk assessment activity. In Risk Treatment, you will learn about risk mitigation, example control: passwords, control selection, residual risk, risk transference, risk avoidance, and risk acceptance. In Audit Findings, you will learn about auditors, types of audits, audit methodologies, auditor responsibilities, audit scope, documentation, and response to audit.
Perform Security Assessment Activities
Module Topics: Participate in Security and Test Results, Penetration Testing. In Participate in Security and Test Results, you will learn about vulnerability scanning and analysis, vulnerability testing software categories, vulnerability testing qualities, potential problems, host scanning, host security considerations, traffic types, security gateway types, wireless networking testing, potential security issues, searching for rogue access points, locking down the enterprise, wireless tools, war dialing, and war driving. In Penetration Testing you will learn about penetration testing modes, white box / hat, gray box / hat, black box / hat, phase 1: preparation, reporting, phase 2: reconnaissance and network mapping techniques, reconnaissance, social engineering and low-tech reconnaissance, whois attacks, DNS zone transfers, network mapping, network mapping techniques, firewalking, basic built-in tools, phase 3: information evaluation and risk analysis, phase 4: active penetration, phase 5: analysis and reporting, penetration testing high-level steps.
Operate and Maintain Monitoring Systems & Analyze and Report Monitoring Results
Module Topics: Events of Interest, Logging, Source Systems, Security Analytics, Metrics, and Trends, Visualization, Event Data Analysis, Communication of Findings. In Events of Interest, you will learn about monitoring terminology, Intrusion Detection System (IDS)/Intrusion Prevention System (IPS), comparing IDS and IPS, types of IDS/IPS devices, deploying HIDS and NIDS, implementation issues for monitoring, monitoring control, other considerations, sample questions to consider, collecting data for incident response, monitoring response techniques, attackers, attacker motivations, intrusions, events, types of monitoring, file integrity checkers, and continuous/compliance monitoring. In Logging, you will learn about reviewing host logs, reviewing incident logs, log anomalies, log management, clipping levels, filtering, log consolidation, log retention, centralized logging (syslog and log aggregation), syslog, distributed log collectors, hosted logging services, configuring event sources (sFlow, NetFlow, sniffer), Cisco NetFlow, what an IP flow is, IP packet attributes, understanding network behavior, how to access the data produced by NetFlow, how the router or switch determines which flows to export to the NetFlow collector server, format of the export data, sFlow, event correlation systems (security information and event management (SIEM)), SIEM functions, compliance, enhanced network security and improved IT/security operations, and full packet capture. In Source Systems, you will learn about comprehensive application, middleware, OS, and infrastructure monitoring, hyper capabilities, and operations manager. Analyze and Report Monitoring: In Security Analytics, Metrics, and Trends, you will learn about security baseline, network security baseline, metrics and analysis (MA), systems security engineering capability maturity model (SSE-CMM), and potential metrics. In Visualization, you will learn about data visualization tools. In Event Data Analysis, you will learn about logs, log management, log management recommendations, and potential uses of server log data. In Communication of Findings, you will learn about a checklist for report writers and reviewers.
Incident Response and Recovery
Module Topics: Preparation, Detection and Analysis, Containment, Eradication, and Recovery, Post-Incident Activity, Implementation of Countermeasures. In Introduction, you will learn about incident response and basic definitions. In Preparation, you will learn about elements of an incident response policy, incident response plan, training, incident response tools, communication planning, communication with law enforcement, media, requirements for effective incident handling, the incident response team, core team areas, centralized and decentralized teams, team structure, team conditions that support success, and other considerations. In Detection and Analysis, you will learn about Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), types of intrusion systems, intrusion detection techniques, false positives and false negatives, anti-malware systems, security information event management (SIEM), incident analysis, packet sniffers, inline SSL decryption devices, incident documentation, records, assessing risk, response, containment strategy considerations, delaying containment, areas of focus, defining an incident, triage, and notification. In Containment, Eradication, and Recovery, you will learn about common containment activities and eradication. In Post-Incident Activity, you will learn about effective incident response. In Implementation of Countermeasures, you will learn about implementation steps.
Understand and Support Forensic Investigations & Business Continuity and Disaster Recovery Plan
Module Topics: Forensic Investigations, Emergency Response Plans and Procedures, Disaster Recovery Planning, Interim or Alternate Processing Strategies, Backup and Redundancy Implementation, System and Data Availability, Testing and Drills. Understand and Support Forensic Investigations: In Forensic Investigations, you will learn about crime scene, live evidence, Locard's principle, criminal behavior, incident response team, general guidelines, rules of thumb, evidence gathering, hash algorithms, criminal charges, documentation, five rules of evidence, media analysis, network analysis, software analysis, author identification, content analysis, context analysis, hardware/embedded device analysis, NIST recommendations, and incident response. Understand and Support Business Continuity Plan: In Emergency Response Plans and Procedures, you will learn about business continuity planning, establishing a business continuity program, Business Impact Analysis (BIA), key concepts, Maximum Tolerable Downtime (MTD), Recovery Time Objective (RTO), Recovery Point Objective (RPO), financial and nonfinancial impacts, stakeholder input, BIA completion process, BIA project stages, identifying critical IT resources, identifying disruption impacts, and developing recovery priorities. In Disaster Recovery Planning, you will learn about identifying types of potential disasters, assets, personnel considerations, and related documents. In Interim or Alternate Processing Strategies, you will learn about cold site, warm site, hot site, multiple processing sites, and mobile sites. In Backup and Redundancy Implementation, you will learn about full backup, differential backup, incremental backup, evaluating alternatives, off-site storage, electronic vaulting, and remote journaling. In System and Data Availability, you will learn about clustering, high-availability clustering, load-balancing clustering, redundant array of independent disks (RAID), data redundancy techniques, and RAID levels. In Testing and Drills, you will learn about checklist test, structured walkthrough test, simulation testing, parallel testing, full interruption testing, and plan review and maintenance.
Case Study
This assignment is based on a case study that will require the student to put into practice the knowledge they have gained through the course. It requires the basic understanding of the topics and the ability to relate those topics to the real world. The objective of review is to determine whether the student has understood the concepts and has performed the necessary analysis to ensure a complete and thorough answer.
Exam

Good to know

Know what's good, what to watch for, and possible dealbreakers
Explores industry-standard methods for security management
Suitable for professionals in IT, cybersecurity, and other related fields
Taught by experts at (ISC)² Education & Training, a reputable organization in cybersecurity
Covers topics in risk identification, monitoring, analysis, incident response, and recovery
Provides hands-on experience through case studies and assignments
Requires students to have some prior knowledge in security concepts


Reviews summary

Highly praised risk management course

Learners say this risk management and incident response course is well organized and highly informative. Students largely appreciate the quality of the lectures and the real-world examples that are provided. This leads to engaging assignments and practical exercises that benefit the learner. The instructor provides well documented notes that aid in understanding the key ISC concepts included in this course. Overall, this course is highly recommended for students who seek to enter the world of risk analysis.
Learners particularly enjoy the exercises and assignments.
"Very Useful Course and Best learning experience."
"engaging assignments"
"practical exercises"
Learners appreciate the lectures and materials.
"Excellent Trainer"
"Excellent course for professionals"
"Excellent course and get material."
The instructor communicates complex concepts in a way that is easy to understand.
"The instructor is one of the best here. He knows how to teach, and provided well documented notes which makes it easier to go through."
"The lecturer keeps attention and gives a lot of practical examples."
"clear concept"
Students highly praise the course overall.
"It's the best and its training methodology is superb."
"Very informative course and the tutor is really good !!!"
"Knowledge gained, how do I get my certificate"

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery with these activities:
Review the book 'Incident Response for Computer Security'
Gain foundational knowledge and insights on incident response by reviewing this comprehensive book.
  • Obtain a copy of the book.
  • Read the book thoroughly and take notes.
  • Reflect on the concepts and techniques discussed in the book.
Practice risk identification exercises
Practice answering risk identification questions to improve your ability to identify risks effectively.
  • Review the course material on risk identification.
  • Complete the practice questions provided in the course or textbook.
  • Create your own risk identification scenarios and practice identifying the risks.
Participate in a group discussion on incident response
Engage in discussions with peers to share insights, experiences, and best practices on incident response.
  • Find a group of peers to discuss incident response with.
  • Prepare topics or questions for discussion.
  • Actively participate in the discussion and share your perspectives.
Create a security monitoring dashboard
Create a dashboard to monitor and visualize security events to enhance your understanding of security monitoring systems.
  • Identify the key security metrics you want to monitor.
  • Collect data from relevant sources.
  • Use a visualization tool to create the dashboard.
Contribute to an open-source incident response tool
Enhance your technical skills and understanding of incident response by contributing to an open-source project.
  • Find an open-source incident response tool that aligns with your interests.
  • Review the project documentation and identify areas where you can contribute.
  • Propose your contributions and collaborate with the project maintainers.
Attend an incident response workshop
Attend an incident response workshop led by an expert trainer to acquire hands-on experience.
  • Research and find an incident response workshop that aligns with your learning goals.
  • Register for the workshop.
  • Attend the workshop and actively participate in the exercises and discussions.
Develop an incident response plan for a specific organization
Enhance your understanding of incident response planning by drafting a comprehensive plan.
  • Identify the scope and objectives of the incident response plan.
  • Gather information about the organization's assets, threats, and vulnerabilities.
  • Develop procedures for incident detection, response, and recovery.
  • Test and validate the incident response plan.
Volunteer at a security operations center
Gain practical experience by assisting in real-world security operations and incident response activities.
  • Find a security operations center that offers volunteer opportunities.
  • Apply for the volunteer position.
  • Attend the necessary training and orientation.
  • Work under the guidance of experienced security professionals.

Career center

Learners who complete Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery will develop knowledge and skills that may be useful to these careers:
Forensic Analyst
A Forensic Analyst collects, analyzes, and interprets digital evidence to support criminal investigations. This course can help build a foundation in forensic investigations, which is a critical skill for Forensic Analysts. The course covers topics such as evidence gathering, crime scene management, and incident response, which are all essential knowledge for success in this field.
Security Analyst
A Security Analyst identifies, analyzes, and mitigates security risks to protect an organization's assets. This course can help build a strong foundation in risk management and incident response, which are key responsibilities for Security Analysts. The course covers topics such as risk assessment, security testing, and incident handling, which are all essential knowledge for success in this field.
Penetration Tester
A Penetration Tester identifies vulnerabilities in an organization's systems and networks by simulating attacks. This course can help build a strong foundation in security assessment, which is a critical skill for Penetration Testers. The course covers topics such as vulnerability scanning, penetration testing, and incident response, which are all essential knowledge for success in this field.
Incident Responder
An Incident Responder investigates and resolves security incidents to minimize damage and downtime. This course can help build a strong foundation in incident response, which is a critical skill for Incident Responders. The course covers topics such as incident handling, forensics, and security analytics, which are all essential knowledge for success in this field.
Security Engineer
A Security Engineer designs, implements, and maintains security systems to protect an organization's assets. This course can help build a strong foundation in security management, which is a critical skill for Security Engineers. The course covers topics such as risk management, security assessment, and incident response, which are all essential knowledge for success in this field.
Risk Manager
A Risk Manager identifies, analyzes, and mitigates risks to an organization's assets. This course can help build a strong foundation in risk management, which is a critical skill for Risk Managers. The course covers topics such as risk assessment, risk treatment, and risk reporting, which are all essential knowledge for success in this field.
Compliance Auditor
A Compliance Auditor ensures that an organization meets regulatory requirements. This course can help build a strong foundation in compliance, which is a critical skill for Compliance Auditors. The course covers topics such as risk assessment, security controls, and incident response, which are all essential knowledge for success in this field.
Business Continuity Planner
A Business Continuity Planner develops and implements plans to ensure that an organization can continue to operate during and after a disaster or other disruption. This course can help build a strong foundation in business continuity planning, which is a critical skill for Business Continuity Planners. The course covers topics such as risk assessment, disaster recovery, and incident response, which are all essential knowledge for success in this field.
Disaster Recovery Planner
A Disaster Recovery Planner develops and implements plans to ensure that an organization can recover from a disaster or other disruption. This course can help build a strong foundation in disaster recovery planning, which is a critical skill for Disaster Recovery Planners. The course covers topics such as risk assessment, business continuity, and incident response, which are all essential knowledge for success in this field.
Business Analyst
A Business Analyst identifies and analyzes business needs and develops solutions to meet those needs. This course may be useful for Business Analysts who want to specialize in security or risk management.
Systems Analyst
A Systems Analyst designs, implements, and maintains computer systems to meet the needs of an organization. This course may be useful for Systems Analysts who want to specialize in security or risk management.
Network Administrator
A Network Administrator manages and maintains computer networks to ensure that they are operating efficiently and securely. This course may be useful for Network Administrators who want to specialize in security or risk management.
Database Administrator
A Database Administrator manages and maintains databases to ensure that they are operating efficiently and securely. This course may be useful for Database Administrators who want to specialize in security or risk management.
Software Developer
A Software Developer designs, develops, and maintains software applications. This course may be useful for Software Developers who want to specialize in security or risk management.
Information Security Manager
An Information Security Manager develops and implements security policies and procedures to protect an organization's assets. This course may be useful for Information Security Managers who want to specialize in risk management or incident response.

Reading list

We've selected ten books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery.
The ISO 31000 family of standards provides guidance on risk management. Provides a comprehensive overview of the risk management process, including risk identification, assessment, evaluation, and treatment.
Provides a comprehensive overview of incident response and recovery. It covers the entire incident response process, from preparation and response to recovery and follow-up.
This publication provides a comprehensive list of security and privacy controls for federal information systems and organizations. It is a valuable resource for anyone who is responsible for implementing security controls.
Provides a comprehensive overview of business continuity and disaster recovery planning for IT professionals. It covers the entire planning process, from risk assessment and mitigation to recovery and restoration.
This publication provides guidance on conducting risk assessments for information systems. It covers the entire risk assessment process, from planning and preparation to reporting and documentation.
Provides a practical guide to managing information security risks. It covers the entire risk management process, from risk identification and assessment to risk mitigation and monitoring.
This publication provides comprehensive guidance on computer security incident handling. It is a valuable resource for anyone who is responsible for handling security incidents.
Provides a comprehensive overview of network security threats and vulnerabilities. It is a valuable resource for anyone who wants to learn more about how to protect their networks from attack.
Provides a comprehensive overview of security assessment techniques. It covers both offensive and defensive techniques, and it is a valuable resource for anyone who wants to learn more about how to protect their systems from attack.
Provides a comprehensive overview of digital forensics. It covers the entire digital forensics process, from evidence collection and preservation to analysis and reporting.


Similar courses

Here are nine courses similar to Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery.
  • Incident Response, BC, and DR Concepts
  • Incident Response and Recovery for SSCP®
  • Incident Detection and Response
  • Planning for High Availability and Incident Response
  • Business Continuity (BC), Disaster Recovery (DR) &...
  • Healthcare and Crisis Preparation
  • Managing Cybersecurity Incidents and Disasters
  • DP-203: Secure, Monitor, and Optimize Data Storage and...
  • Operations and Incident Response for CompTIA Security+

© 2016 - 2024 OpenCourser