
Amazon Web Services

AWS Security Incident Response Overview

Amazon Web Services and Amazon via AWS Skill Builder

Overview

Security Incident Response Overview is the first course in the Security Incident Response curriculum. This course is a prerequisite for interactive use cases that guide you through investigating common types of security incidents.

In Module One: Define Security Incident Response, you will be introduced to security incidents and the security incident response workflow. In Module Two: Use AWS Services to Investigate Security Incidents, you will discover how to investigate security incidents using AWS services for each phase of the security incident response workflow.

- Course level: Fundamental

- Duration: 1 hour 40 minutes


Activities

This course includes interactive learning objects.


Course objectives

In this course, you will learn to do the following:

- Define a computer security incident.

- Define incident response and the importance of having a process in place.

- List the cloud security incident domains.

- Recognize the key differences of incident response in Amazon Web Services (AWS).

- Explain the security incident response process for AWS.

- State the purpose and goal of each phase of the security incident response process.

- Identify appropriate AWS services to use for each phase of the security incident response process.

- Describe how to use AWS services to investigate a security incident.

- Locate training and resources for AWS services to investigate security incidents.


Intended audience

This course is intended for the following roles:

- Security engineers

- Security operations center (SOC) analysts, incident analysts (responders), and security operations (SecOps)

- Security managers and security principals

 

Prerequisites

We recommend that attendees of this course have the following prerequisites:

- AWS Security Fundamentals (Second Edition), which provides baseline training on how the AWS services work

 

Course outline

Module 1: Define Security Incident Response

Section 1: Navigation

- How to Use This Course

Section 2: Introduction

- Lesson 1: Welcome

Section 3: Security Incidents Overview

- Lesson 1: Security Incident Definition

- Lesson 2: Investigating Security Incidents

- Lesson 3: Security Incidents in the AWS Cloud

Section 4: Security Incident Response Workflow

- Lesson 1: Overview

- Lesson 2: Detect Phase

- Lesson 3: Analyze Phase

- Lesson 4: Contain Phase

- Lesson 5: Eradicate Phase

- Lesson 6: Recover Phase

Section 5: Conclusion

- Lesson 7: Contact Us

 

Module 2: Use AWS Services to Investigate Security Incidents

Topic 1: Introduction

- Lesson 1: How to Use This Course

- Lesson 2: Welcome

Topic 2: Use AWS Services for Security Incident Response

- Lesson 3: Overview

- Lesson 4: Detect with AWS

- Lesson 5: Analyze with AWS

- Lesson 6: Contain with AWS

- Lesson 7: Eradicate with AWS

- Lesson 8: Recover with AWS

- Lesson 9: Putting it All Together

 

Topic 3: Conclusion

- Lesson 10: Security Incident Response Resources

- Lesson 11: Contact Us
