Course Overview

Learning Outcome

Upon completion of SECOPS course, you should be able to:

• Describe a typical Security Operation Center (SOC)
• Use Network Security Monitoring (NSM) tools and data to conduct basic incident analysis within a threat-centric SOC environment
• Identify common external resources used by the analysts to hunt for cybersecurity threats
• Discuss basic events normalization concepts
• Perform basic events correlation
• Identify common attack vectors, malicious activities, and patterns of suspicious behaviors
• Describe the use of a playbook to assist with the incident investigation in a SOC
• Describe the common metrics used to measure the SOC effectiveness
• Describe the use of a workflow automation system to optimize SOC operations
• Describe the components of a typical Incident Response Plan
• Describe the types and the responsibilities of the Computer Security Incident Response Team (CSIRT)
• Discuss the use of VERIS to document security incidents

Prerequisite

• Must have completed CCNA Routing and Switching Course

Course Content

• Describing the Security Operations Center
• Understanding Network Security Monitoring Tools and Data
• Understanding Incident Analysis in a Threat-Centric SOC
• Identifying Resources for Hunting Cyber Threats
• Understanding Event Correlation and Normalization
• Identifying Common Attack Vectors
• Identifying Malicious Activity
• Identifying Patterns of Suspicious Behavior
• Conducting Security Incident Investigations
• Describing the SOC Playbook and Metrics
• Understanding the SOC Workflow Management System (WMS) and Automation
• Describing the Incident Response Plan
• Describing the Computer Security Incident Response Team