WEBVTT

0:00:05.800000 --> 0:00:11.520000
 Hello everyone and welcome to the Incident
 Response Preparation course.

0:00:11.520000 --> 0:00:16.840000
 Now before we get started with this
 course I always like providing you

0:00:16.840000 --> 0:00:22.820000
 the student or learner with an overview
 of the course to sort of give

0:00:22.820000 --> 0:00:25.740000
 you an idea as to what we'll be covering.


0:00:25.740000 --> 0:00:32.200000
 And in addition to that I also like
 providing you with a set of learning

0:00:32.200000 --> 0:00:36.640000
 objectives or learning outcomes to give
 you again an idea as to what you

0:00:36.640000 --> 0:00:41.120000
 will know and what you will be able
 to do by the end of this course.

0:00:41.120000 --> 0:00:49.080000
 I think it's a very good way of setting
 ourselves goals and this will

0:00:49.080000 --> 0:00:53.760000
 become important because in the course
 summary video we will be revisiting

0:00:53.760000 --> 0:00:57.640000
 these learning outcomes or learning
 objectives to see whether we indeed

0:00:57.640000 --> 0:01:00.760000
 covered everything that
 we were supposed to.

0:01:00.760000 --> 0:01:05.100000
 But with that being said let's not waste
 any more time and let's get some

0:01:05.100000 --> 0:01:07.700000
 of the formalities out of the way.

0:01:07.700000 --> 0:01:10.480000
 So who am I? My name is Alexis Ahmed.

0:01:10.480000 --> 0:01:13.880000
 I'm the red and blue team
 instructor here at IME.

0:01:13.880000 --> 0:01:17.040000
 I'm also the red team
 lead at Hackersploit.

0:01:17.040000 --> 0:01:20.880000
 So now that we have the formalities
 out of the way let's get started by

0:01:20.880000 --> 0:01:26.180000
 getting an idea of some of the key concepts
 that will be covered within

0:01:26.180000 --> 0:01:33.620000
 this course. So these sort of represent
 major concepts or topics that

0:01:33.620000 --> 0:01:40.600000
 we will be covering and will then drill
 deeper into some of the more sectional

0:01:40.600000 --> 0:01:44.040000
 aspects or subtopics if you
 will that we'll be covering.

0:01:44.040000 --> 0:01:47.820000
 So the first key concept is incident
 response fundamentals.

0:01:47.820000 --> 0:01:52.680000
 So in the previous course you got an
 introduction to security operations

0:01:52.680000 --> 0:01:56.280000
 and security operations center and
 we touched a little bit on incident

0:01:56.280000 --> 0:02:01.180000
 response. In this course we're going
 to dive deep into incident response,

0:02:01.180000 --> 0:02:06.260000
 understand what it is, the various
 frameworks available, the incident

0:02:06.260000 --> 0:02:08.420000
 response process, etc.

0:02:08.420000 --> 0:02:12.400000
 As part of that the other key concept
 we're going to be exploring is going

0:02:12.400000 --> 0:02:23.740000
 to be around the incident response models
 or types of teams, I should say.

0:02:23.740000 --> 0:02:31.060000
 We'll also be exploring the roles and
 responsibilities within incident

0:02:31.060000 --> 0:02:36.560000
 response teams and how that can be assigned
 or how responsibilities are

0:02:36.560000 --> 0:02:39.400000
 typically assigned so on and so forth.

0:02:39.400000 --> 0:02:43.140000
 And that brings us to the final key
 concept which is sort of the focus

0:02:43.140000 --> 0:02:47.820000
 of this course and that is the preparation
 phase in incident response.

0:02:47.820000 --> 0:02:52.340000
 So part of the incident response life
 cycle or process the first phase

0:02:52.340000 --> 0:02:56.920000
 in incident response has to do with
 preparation and you may be wondering

0:02:56.920000 --> 0:03:01.820000
 to yourself already what is
 usually done in preparation or in

0:03:01.820000 --> 0:03:06.120000
 the preparation phase and that's
 the objective of this course.

0:03:06.120000 --> 0:03:10.200000
 So those are the actual key concepts.

0:03:10.200000 --> 0:03:15.320000
 Now we have the major topics which would
 essentially comprise of subtopics

0:03:15.320000 --> 0:03:17.360000
 of the major concepts.

0:03:17.360000 --> 0:03:20.040000
 So the first thing is IR teams.

0:03:20.040000 --> 0:03:26.700000
 So as I mentioned, the various models
 or types of IR teams. We'll also be

0:03:26.700000 --> 0:03:31.780000
 exploring the different names or the
 naming conventions used when you

0:03:31.780000 --> 0:03:36.800000
 know referring to IR teams and how
 that you know gives you an idea as

0:03:36.800000 --> 0:03:44.580000
 to how to use it within it.

0:03:44.580000 --> 0:03:49.500000
 So that will then bring us into the incident
 response process and framework.

0:03:49.500000 --> 0:03:54.200000
 So we'll you know learn or get a proper
 introduction to the incident response

0:03:54.200000 --> 0:03:59.120000
 process inclusive of you know all
 the phases that you typically see.

0:03:59.120000 --> 0:04:04.460000
 We'll make that a little bit more specific
 by exploring the incident response

0:04:04.460000 --> 0:04:10.820000
 process specific to frameworks like
 NIST and SANS,

0:04:10.820000 --> 0:04:14.860000
 because we'll cover both and you sort
 of see the difference between the

0:04:14.860000 --> 0:04:19.940000
 two with regards to the process as a
 whole and the phases you know that

0:04:19.940000 --> 0:04:25.820000
 make up the process so very very interesting
 and then you know we'll move

0:04:25.820000 --> 0:04:28.360000
 into the preparation phase
 of incident response.

0:04:28.360000 --> 0:04:31.760000
 So we'll you know get an introduction
 as to what the preparation phase

0:04:31.760000 --> 0:04:37.640000
 is what it involves or entails and that
 will be further broken down into

0:04:37.640000 --> 0:04:42.260000
 you know aspects of the preparation phase
 like incident response planning

0:04:42.260000 --> 0:04:46.300000
 and documentation which is where we
 have things like you know roles and

0:04:46.300000 --> 0:04:51.740000
 responsibilities using a RACI matrix,
 incident response policies, so how

0:04:51.740000 --> 0:04:57.280000
 to create your own examples of policies.
 The same will be done for incident

0:04:57.280000 --> 0:05:07.400000
 response plans; you know, we'll learn about
 what one is and repeat the same process

0:05:07.400000 --> 0:05:10.280000
 for incident response playbooks.

0:05:10.280000 --> 0:05:14.480000
 We'll then turn our attention to the incident
 management process and platforms,

0:05:14.480000 --> 0:05:18.940000
 which again falls under the preparation
 phase as one of the key technological

0:05:18.940000 --> 0:05:25.140000
 elements of incident response, so you
 typically as an incident responder

0:05:25.140000 --> 0:05:31.160000
 would be using an incident management platform
 like TheHive, and we'll be exploring

0:05:31.160000 --> 0:05:37.240000
 that in that particular
 case, when we're going

0:05:37.240000 --> 0:05:41.360000
 to be discussing the incident management
 process and then finally the

0:05:41.360000 --> 0:05:45.280000
 final major topic is going to be around
 the incident response toolkit

0:05:45.280000 --> 0:05:49.320000
 or how to build your own incident response
 toolkit and the various tools

0:05:49.320000 --> 0:05:53.720000
 that you typically need to include as
 well as the some additional aspects

0:05:53.720000 --> 0:06:06.300000
 of building your own toolkit and how
 to ensure deployment as it were.

0:06:06.300000 --> 0:06:10.080000
 So with that being said now that we
 have an idea of the key concepts and

0:06:10.080000 --> 0:06:13.600000
 major topics we'll be covering let's turn
 our attention to the most important

0:06:13.600000 --> 0:06:17.460000
 aspect of the course overview which
 is the learning outcome so this is

0:06:17.460000 --> 0:06:22.900000
 where I lay out what you will learn
 and what you'll be able to do by the

0:06:22.900000 --> 0:06:27.220000
 end of this course, and as I said we'll
 be revisiting this in the course

0:06:27.220000 --> 0:06:32.060000
 summary video so we can actually ensure
 that we did everything or I covered

0:06:32.060000 --> 0:06:37.020000
 everything and you know hopefully by
 that point you will be comfortable

0:06:37.020000 --> 0:06:42.320000
 In any case, getting started, the first
 is, you know, by the end of this course

0:06:42.320000 --> 0:06:47.240000
 you should be able to explain the importance
 of incident response and the

0:06:47.240000 --> 0:06:52.300000
 risk of unstructured response efforts. You
 should be able to identify different

0:06:52.300000 --> 0:06:55.860000
 types of security incidents and common
 attack vectors and sort of distinguish

0:06:55.860000 --> 0:07:00.260000
 between the two you should be able to
 describe various types of incident

0:07:00.260000 --> 0:07:05.740000
 response teams their structures as
 well as their roles you should have

0:07:05.740000 --> 0:07:10.100000
 an understanding and be able to differentiate
 between major incident response

0:07:10.100000 --> 0:07:13.500000
 frameworks, those being NIST and SANS,
 and you should have an understanding

0:07:13.500000 --> 0:07:21.200000
 of how they differ primarily.
 Moving on, by the end of this

0:07:21.200000 --> 0:07:25.940000
 course you should be able to develop foundational
 incident response artifacts

0:07:25.940000 --> 0:07:32.080000
 or documents such as you know incident
 response policies plans playbooks

0:07:32.080000 --> 0:07:37.380000
 and responsibility matrices you should
 be able to apply the hierarchy

0:07:37.380000 --> 0:07:41.480000
 of needs model to build incident response
 readiness very very important

0:07:41.480000 --> 0:07:46.000000
 and you should have an understanding of
 the role of technology infrastructure

0:07:46.000000 --> 0:07:50.760000
 in supporting incident response activities
 you should be able to manage

0:07:50.760000 --> 0:07:54.460000
 security incidents using an incident
 management platform in this case

0:07:54.460000 --> 0:08:00.120000
 TheHive, and finally you should be
 able to build a basic yet effective

0:08:00.120000 --> 0:08:05.440000
 incident response toolkit tailored for
 operational use so those are the

0:08:05.440000 --> 0:08:09.900000
 learning outcomes and hopefully that gives
 you an idea as to what to expect

0:08:09.900000 --> 0:08:14.340000
 or what will be covered in this course
 from a knowledge skills and abilities

0:08:14.340000 --> 0:08:18.400000
 perspective. But that brings us to the
 prerequisites, so do you need to

0:08:18.400000 --> 0:08:22.300000
 know anything or do you need to be
 able to do anything before you get

0:08:22.300000 --> 0:08:25.960000
 started with this course, and the answer
 to that is no, with a few exceptions.

0:08:25.960000 --> 0:08:29.540000
 I would recommend that you have a basic
 understanding of cybersecurity

0:08:29.540000 --> 0:08:34.440000
 concepts examples of which are you know
 what is a threat what is vulnerability

0:08:34.440000 --> 0:08:41.260000
 what is risk, so on and so forth. The
 second prerequisite is, you know, that

0:08:41.260000 --> 0:08:45.420000
 you should have a familiarity with general
 IT systems networks and common

0:08:45.420000 --> 0:08:50.520000
 security tools. So those are the
 prerequisites, and with that being said

0:08:50.520000 --> 0:08:54.980000
 that's pretty much it for the course
 overview hopefully you now have a

0:08:54.980000 --> 0:08:58.500000
 good understanding of what you're getting
 into and with that being said

0:08:58.500000 --> 0:09:03.420000
 let's not waste any more time. I'll
 be seeing you in the first video of

