Fundamentals of
Incident Handling

Course Overview

This five-day course gives information technology security staff a comprehensive overview of the issues and procedures for handling security incidents. The course also familiarizes attendees with the types of work an incident handler performs.

Fundamentals of Incident Handling is taught by one of the most prominent Network Security and Incident Response experts in the world, Dr. Klaus-Peter Kossakowski. He will share insights from his years of experience creating and working with incident response teams worldwide. Dr. Kossakowski was the first one to license the course source material from the CERT Coordination Center and has adapted it for an international audience.

Who should attend?

This course benefits prospective and new incident response staff seeking to learn and improve their incident response skills. It also benefits managers who wish to deepen their understanding of incident response issues. Suggested prerequisites include basic familiarity with Internet services and protocols and experience with system administration for Windows NT/2000, UNIX, or Linux systems.

After taking this course, participants often contact Dr. Kossakowski and his associates to arrange workshops and individual training sessions at their workplace to focus on advanced topics in incident response.

Course Objectives

This course will help technical staff understand how to:

• Gather the information necessary to characterize an incident
• Analyze a variety of security incidents
• Recognize and respond to incident attacks
• Avoid common mistakes in incident response
• Communicate and coordinate incident response services internally and externally

Course Topics

The course offers a realistic look at the range of work incident response teams engage in daily. The course covers the following topics:

• Strategies for incident response
• Overview of scans, probes, and intruder attacks
• Working with other incident response team members
• Techniques for gathering, tracking, and categorizing incident information
• Analyzing incident reports
• Handling common attacks such as email spoofing or spamming, denial of service attacks, and malicious code
• Coordinating organizational response
• Cryptographic and data security issues

Dr. Kossakowski uses interactive instruction, exercises, and role-playing to teach participants how to respond to security incidents.

Course Availability

For public course offerings please refer to our schedule.

Dr. Klaus-Peter Kossakowski is also available to teach the Fundamentals of Incident Handling at your site. Please send email to kpk@pre-secure.com if you are interested in this option.