online training course
INCIDENT RESPONSE
Effectively upskill employees and create a direct career development path into Incident Response with N2K’s IR course.
Course Overview
N2K’s Incident Response is a comprehensive role-based course that builds on N2K’s baseline Critical Knowledge program and SOC Analyst curriculum. Compiled into six (6) units, this training course covers highly technical and task-oriented topics parallel to explicit Incident Response functions.
Participants conduct guided lab exercises and complete tasks on virtual machines included in the course, with hours of on-demand lessons by an experienced instructor to help reinforce correct practice and application of skills. Practice exam assessments for CompTIA CySA+ are included as an added resource for employees interested in certification.
Workforce Framework for Cybersecurity
All N2K role-based courses are directly mapped to the Workforce Framework for Cybersecurity, or the NICE Framework, incorporating the knowledge, skills, abilities, and tasks (KSATs) to relevant cybersecurity job roles.
Prerequisites
It is recommended to have some professional work experience in security and hands-on skills with common security controls. However, there are no formal prerequisites.
Related Courses
N2K recommends that individuals who are new to cybersecurity, or who could use a refresher, complete N2K’s baseline Critical Knowledge program or the SOC Analyst course prior to enrolling in the Incident Response course. Recommended certifications to pursue following the IR course are CompTIA’s CySA+, CASP+ or PenTest+.
Who should take this course?
Individuals in the following roles and teams are excellent candidates for this course:
- Newly hired Incident Response analysts
- Current cybersecurity employees working in SOC or IR with 1-3 years of experience
- Junior Pentesters and Red Teams who want a better understanding of Blue Team or defensive operations
- CERT, CSIRT, CIRT, or greater SOC teams
Benefits of Training
There are a great number of benefits to taking the IR course, but a few highlights include:
- Role-based training to fast-track new hires’ time to operational status
- Real-life, hands-on scenarios to ensure long-term comprehension and retention
- A clear, long-term career development plan for employees
case study
Cost-Savings of 75% on SOC Training for Fortune 50 Retail Organization
Course Outline
The Incident Response course spans 5 units in addition to a foundational pre-course unit.
Pre-Course: Foundational Knowledge
Establish or revisit foundational concepts on networking basics, hosting, and indicators of compromise.
- Networking Basics
- Host Basics
- Indicators of Compromise
Unit 1: Incident Response Overview
Understand various roles within an organization and their responsibilities prior to, during, and after an incident occurs.
- Incident Response Overview
- Roles and Responsibilities
- Policies and Procedures
Unit 2: Attack Lifecycle
Overview of the Cyber Kill Chain and the MITRE ATT&CK Framework.
- Cyber Kill Chain
- MITRE ATT&CK Framework
Unit 3: Host & Network-Based Detection and Resolution
Become familiar with the means of detecting and resolving network intrusions and malware attacks.
- Network Analysis and Attack Identification
- Host and Network Intrusions
- Malware and Rogue Device Detection
Unit 4: Attack Patterns and Mechanisms
Understand the attacks listed in the OWASP Top Ten, the methods by which these attacks propagate and affect an organization, and remediation techniques.
- Network-Based Attacks
- Host-Based Attacks
- Attack Methods
Unit 5: Forensics
Become familiar with digital forensics and the techniques used, review case studies, and take part in additional hands-on exercises.
- Forensics in Incident Response
- Forensics Methodologies
- Incident Response Case Study
- Incident Response Activity
This course includes:
- 50 Question Diagnostic Assessment
- 70+ Modular Video Lessons
- Configured REMnux and Windows 10 Virtual Machines
- 10+ Hours of Guided Labs
- 50+ Knowledge Check Questions
- IR SOP Manual (PDF)
- 50 Question Final Assessment
- (Optional) Practice Exam Preparation for CompTIA CySA+
- Engagement and Performance Analytics
- *For IR Managers or CIO
Why N2K?
Data-Driven
Relevant
Efficient
Cost-Effective
Request Pricing
Request more information on training options for your cybersecurity teams. Private classes are available.
Incident Response FAQs
Does this course train towards a certification?
While certain course units and topics align with the objectives of select certifications, this course is not intended for exam preparation. However, practice exam assessment tools for the CompTIA CySA+ certification are included as an optional resource for participants who wish to certify.
How is training delivered?
This course is delivered either live online over six consecutive weeks, with weekly live instruction from a dedicated instructor, or as video-on-demand. Both modalities include six months of access to all learning tools and materials in our proprietary LMS.
Who are the instructors?
- Rebecca Blair, Manager of Security Operations
- Jonathan Lanning, Senior Security Manager, Adjunct Instructor
- Timothy Stover, Content Developer
Is a certificate of completion available?
Yes! Participants receive a digital badge once they have successfully completed the course. This badge can be displayed on social profiles or email signatures.