Open in Case of Emergency

If you are worried about leading or supporting a major cyber incident, then this is the course for you. LDR553: Cyber Incident Management focuses on the non-technical challenges facing leaders in times of extreme pressure. Whilst you may have a full team of technical staff standing by to find, understand and remove the attackers, they need information, tasking, managing, supporting, and listening to so you can maximize their utilization and effectiveness. We focus on building a team to remediate the incident, on managing that team, on distilling the critical data for briefing, and on how to run that briefing. We look at communication at all levels, from the hands-on team to the executives and Board, investigative journalists, and even the attackers. This course contains nine case studies for hands-on learning.

Business Takeaways
▐ Cultivate a workforce adept at leading or contributing to cyber incident management teams
▐ Streamline incident management processes for quicker resolutions
▐ Identify and bridge gaps in security incident plans and response strategies
▐ Elevate the performance of security incident teams to meet evolving challenges
▐ Strategically plan and navigate through high-stakes attacks, including email compromise and ransomware, fostering a resilient response framework
▐ Promote seamless collaboration between technical and non-technical teams during incident response for a more integrated approach
▐ Instill a culture of continuous improvement, leveraging lessons learned from incidents to refine future response strategies
▐ Proactively integrate threat intelligence to anticipate and mitigate potential threats before escalation

Syllabus Summary
SECTION 1: Understanding and Communicating About the Incident
SECTION 2: Scoping the Damage, Planning the Remediation, and Executing the Plan
SECTION 3: Training, Leveraging Cyber Threat Intelligence, and Bug Bounties
SECTION 4: Cloud Incidents, Business Email Compromise, Credential Theft Attacks, and Incident Metrics
SECTION 5: AI for Incidents, Attacker Extortion, Ransomware, and Capstone Exercise

CURRICULUM: Cybersecurity Leadership
LDR553: Cyber Incident Management™

You Will Be Able To
▐ Correctly categorize and scope incidents and the resulting incident management team’s objectives
▐ Design, draft, proof, release and control all communications when managing a serious incident
▐ Manage a team under extreme pressure and recognize the natural human responses that will emerge and what they mean
▐ Lead the team, win the confidence of the execs and exceed the expectations of everyone involved
▐ Calculate, coordinate, and execute both system and data counter compromise activities
▐ Strategize and respond to ransomware incidents, including how to develop exercises and training around these devastating attacks
▐ Structure, manage, and deliver briefings to the team, execs and senior leadership or the board
▐ Organize the transition from active incident to business as usual and execute that plan
▐ Prepare, set up and run cyber incident management exercises

Who Should Attend
▐ Security managers
▐ Security professionals
▐ Managers
▐ Legal/HR/PR staff

NICE Framework Work Roles
▐ Knowledge Manager (OM-KMG-001)
▐ Cyber Legal Advisor (OV-LGA-001)
▐ Privacy Officer/Privacy Compliance Manager (OV-LGA-002)
▐ Information Systems Security Manager (OV-MGT-001)
▐ Communications Security (COMSEC) Manager (OV-MGT-002)
▐ Cyber Policy and Strategy Planner (OV-SPP-002)
▐ Executive Cyber Leadership (OV-EXL-001)

“It’s a perfect course for those leading cyber incidents. I’ve found nothing else that comes close.”
—Lee Taylor, Leicestershire Police

For detailed course description, visit SANS.ORG/LDR553

Course Author: Steve Armstrong-Godwin

WAYS TO TAKE LDR553
▐ Live Online
▐ In-Person
▐ OnDemand

5 Day Program | 30 CPEs | 26+ Labs

FEATURED NEW COURSE

GCIL: Cyber Incident Leader
giac.org/gcil