Module 6 - Incident Response Lifecycle
- Introduction, Definitions and Overview
- Phases of Incident Response
- Incident Management Process
- OODA Loop – Incident Response
- Incident Response Plan, Governance, & Risk Management
- Staffing models, team structure
- Blue Team vs Red Team vs Purple Team
- Building an IR team
- Security Operations Center
- SOC Member Roles
- IR plan components, RACI model
- Tabletop
- Golden Hour
- Best Practices – IR
- Incident Response Checklist
- Vendor and Incident Management
- 3rd party IR services
- Communications
- Creating a Communication Plan
- Internal Comms
- External Comms (partners & customers)
- After an Incident
- Legal Implications
- Legal Considerations
- Solving the Puzzle
- Representative Standards
- Regulatory Implications
- Unified Compliance Framework
- GDPR, HIPAA, GLBA, FISMA, PCI-DSS, NYDFS, NERC-CIP, ISO/IEC 27001, NIS Directive 2018: UK, CCPA
- Tools and Technologies (detection, prevention, response, recovery, reporting)
- Defense in Depth
- Anti-Malware System
- Anti-Phishing System
- Network Behavior Monitoring System
- Code Review System
- Configuration Review System
- Identity and Access Management
- GRC Solution
- Firewall Solution
- IDS/IPS Solutions
- SIEM Solution
- Threat Intelligence System
- Vulnerability Scanners
- Data Leakage Prevention (DLP) System
- Forensic Tools
- Digital Forensics and Incident Management
- Organizing Forensic Capability
- Digital Forensics & IR Considerations
- Threats and Cyber Attacks
- Threat Intelligence
- Threat Diagnostics & Threat Feeds
- Standardizing Threat Information
- Standards for Threat Information Sharing
- Intro to Vendor Threat Intelligence
- Contingency Planning and Incident Management
- Contingency Plans
- Cost Impacts & Disruption Timelines
- Contingency Planning – Recovery Sites
Module 7 - Protecting your Crown Jewels
- What is a Crown Jewel
- How to Identify Crown Jewels
- How to Protect Crown Jewels
- Network Controls
- Endpoint Protection
- Access Control
- Third Party Assurance
- Data Loss Prevention
- Threat and Vulnerability Management
- Business Continuity and Disaster Recovery
- Data Retention
- Backup and Recovery
- Incident Management
Module 8 - Identity and Access Management
- Fundamentals of IAM
- Why IAM
- Subject, Object, access and access controls
- IAM Policy
- IAM lifecycle
- Physical and logical access
- Difference between Identification, Authentication and Authorization
- Multi-factor Authentication
- IAM Security Principles
- Zero Trust
- Access Control Models – RBAC, MAC, Attribute-based, Discretionary, Rule-based
- High-level Building Blocks
- IAM Service Components
- Directory Services
- Web SSO
- Federated SSO
- Identity Governance and Administration
- Lifecycle Management
- Governance
- UEBA with IAM
- Behaviour Analytics
- Compliance
- IAM – Regulatory and Compliance
- IAM Controls
- User Accounts and Password Security
- Separation of Duties (SoD)
- Recertification
- Logging and monitoring
- IAM Token
- IAM Controls – CIS Standards
- Digital IoT Devices
- Human Access Control
- Assigning and Provisioning control
- Revocation control
- Access Control Lists (ACL)
- How to get IAM right
- Threat to Access Controls
- Privileged ID Controls
- Privileged Access Management (PAM)
- PAM – Best Practices
- Leading IAM Tools
Module 9 - Security Operations
- Endpoint Security Controls
- Defence-in-Depth – Endpoints
- Detective Controls
- Antivirus
- Endpoint Logs
- Endpoint Detection and Response
- Sandboxing
- Preventive Controls
- Response Controls
- Network Security Controls
- Defence-in-Depth – Networks
- Detective Controls
- Intrusion Detection/Prevention System
- User Behavior Analysis
- Network Access Control
- Distributed Denial of Service
- Preventive Controls
- Tools – Firewalls
- Tools – DDoS Protection
- Tools – Web Security Filtering
- Tools – Cloud Access Security Broker
- Tools – Email Security
- Tools – Trust Zones
- Tools – Remote Access
- Application Security Controls
- Defence-in-Depth – Applications
- Detective Controls
- Preventive Controls
- Responsive controls
- Configuration Management
- Configuration Baselines and Standards
- On-Premises
- Cloud Management Responsibility Matrix
- Leverage Cloud Native Tools – IaaS
- Leverage Third-Party Monitoring Tools
- Vulnerability Management
- Inventory Management
- Vulnerability Detection
- Vulnerability Triage
- Vulnerability Remediation
- Exception Management
- Operations Management
- Metrics
- Documentation
- Administration
- Integrations
- Console Management
- Console Overload
- Cost Savings and Budget Implications
- Integration and Automation Benefits
- Operational Overhead
- Logging Support
- Training Costs
- Feedback Loops
Module 10 - Business Transformation and Enablement
- Cloud Transformation
- Security Implications
- Cloud-Specific Security Controls
- Cloud-Access Security Brokers
- Zero-Trust Architecture
- Secure Access Service Edge (SASE)
- Big Data, AI & Analytics
- Big Data & AI: The relationship
- Present Landscape of Big Data & AI
- Future Landscape
- Supply Chain Transformation
- How supply-chain capabilities and technologies have evolved
- Effective digital transformation of a supply chain
- Supply chain security challenges
- DevSecOps
- DevSecOps Mantra
- DevSecOps vs traditional software development
- Achieving true security/development integration
- DevSecOps Testing & Tools
- DevSecOps Adoption
- Soft Power
- Product Security
- Secure Design & Development (Waterfall, Agile, Hybrid)
- Secure Operations
- Operations Aspects of DevOps
- Practical Threat Modeling
- STRIDE & Associated Derivations
- Process for Attack Simulation and Threat Analysis (PASTA)
- Common Vulnerability Scoring System (CVSS)
- Mergers & Acquisitions
Module 11 - Legal Issues in Managing a Security Program
- Cybersecurity Legal Regimes: Multiple, Overlapping, Conflicting Laws
- What Law Governs Your Security Program?
- Data Protection Regimes
- Reasonable Safeguards
- Why Privacy in a Security Program?
- Common Types of Protected Information
- Biometrics
- Key Governance Policies: Legally Binding Duty of Care for Adequate or Reasonable
- Duty of Care in Cybersecurity: Unsettled
- What is reasonable and customary?
- 16 CFR 314.3 (Federal Trade Commission (FTC))
- Standards for safeguarding consumer information
- Industry Guidelines – FTC
- Dealing with Third Parties: Contractual Obligations and Supply Chain Cybersecurity Legal Issues
- Security requirements: reflected in contracts?
- NDAs, MSAs, SOWs
- Vendor/Contract Management
- Liability for Directors and Officers: Obligation to Satisfy Oversight of Cybersecurity
- Data Breach Investigations: Issues of the Fourth Amendment and of Privilege
- The Basics: The role of counsel during an incident
- Is your organization appropriately leveraging legal counsel during an incident?
- Security Incidents and Evidence
- Search and Seizure Issues
- Data Breach Notification and Security Incident Notification
- Regulatory and Compliance Reporting
- Internal and External Audits
- What is a HIPAA Business Associate?
- Contractual obligations
- Regulatory obligations
- Information Sharing: Cooperation with Law Enforcement and Sharing Cyber Threat Indicators
- How CISOs can best work with the FBI (Q&A)
- Information Sharing & Analysis Centers (ISACs)
- Resources: Info-sharing groups
- CERTs and CSIRCs
- Active Defense: Hacking Back, Cyber Privateers, and the Legal Implications of Innovations in Cybersecurity
- Principles for responding to an attacker
- Cybersecurity Information Sharing Act of 2015
- Data Awaiting Exfiltration
- Increasing the Cost?
- Privacy
- Why privacy and security? Why not ignore privacy?
- International Agreements on Privacy
- Biometrics
- Common Provisions of Privacy Laws
- Cybersecurity Information Sharing Act of 2015