Résumé du cours
Analysis of past incidents shows repeatedly: Human error is the most common cause of delays and serious failures when dealing with cybersecurity incidents. In our SOC Master Class, we prepare you for the dynamics and complexity of such situations with numerous learning and practice elements.
In the training, participants are introduced to the essential technologies and processes for detecting and remediating cyberattacks. The knowledge acquired is then practiced in each case by means of the participants' own handling of simulated live attacks. For this purpose, an arena is used in which participants can safely practice various tactics for defense and remediation. In particular, cross-functional collaboration is also addressed. The exercises include technical elements as well as elements of incident, emergency and crisis management.
The Master Class is conducted by a facilitator ("White Team Trainer") and accompanied by an attacker ("Red Team Trainer").
Moyens d'évaluation :
- Quiz pré-formation de vérification des connaissances (si applicable)
- Évaluations formatives pendant la formation, à travers les travaux pratiques réalisés sur les labs à l’issue de chaque module, QCM, mises en situation…
- Complétion par chaque participant d’un questionnaire et/ou questionnaire de positionnement en amont et à l’issue de la formation pour validation de l’acquisition des compétences
A qui s'adresse cette formation
Executives, managers and auditors for IT and information security, employees from the areas of IT and information security.
Pré-requis
The Master Class does not require specialized knowledge of specific technologies. Knowledge of IT security principles and information security management should be present.
Contenu
Malware
- Current cyber threat situation and known incidents
- Introduction to function and analysis of malware
- Practice: Use of tools for malware analysis
SIEM, Level 1
- Security Information and Event Management (SIEM) Introduction
- SIEM architectures
- Introduction Security Incident Management (SIM)
- Practice: Use of Splunk and predefined rules for attack detection
Management of cyber crises, Level 1
- Good and bad examples
- Core process for crisis management
- Situation center and situation pictures
- Practice: Managing a serious cyber incident
Network forensics
- Recap: TCP/IP protocol family
- Secure network architectures
- Introduction to protocol analysis tools
- Practice: Detecting network-level attacks
SIEM, Level 2
- Practice: Creating your own rules based on attacks
SOC Management and Reporting
- SOC processes and roles
- Practice: SIM process creation
- KPI reporting
Management of cyber crises, Level 2
- Introduction to TIBER-DE
- Crisis communication
- Practice: Creation of own cyber crisis exercises
Team exercise
- Joint defense of a realistic cyber incident from detection to management
Allemand
Allemagne
Moyens Pédagogiques :