Incident Response

Lesson 3 of 40

Role Playing – Shift Manager

Goals

To orient the student to the lab exercise scenario and to the lab environment.

Introduction

Welcome to the Dunder Mifflin Security Operations (SECOPS) team. As our new Incident Handler, your responsibilities include:

  • Answer the security operations hotline.
  • Facilitate shift handoff.
  • Review daily intelligence reports.
  • Prioritize incident handling and response.
  • Analyze incidents.
  • Manage the escalation process.
  • Serve as escalation point for the three Event Analysts.
  • Escalate all malware to the malware analyst.

Additional responsibilities include:

  • Explore the network and logs for suspicious activity.
  • Contribute to risk assessments.
  • Participate in compliance audits.
  • Prepare executive-level communication regarding security incidents.
  • Plan and implement change in the security operations center.

Your shift supervisor is: ______________________<instructor>.

Keep this guide at hand; you may find it helpful during the course of your shift. Get ready for shift handoff.

Shift Log Summary

Here is a summary of the incidents and tasks from the previous shift. Note that the security analysts at DM SECOPS like to refer to an incident by its code name. The code name appears in parentheses for each incident.

  • Incident (inc01): Event analyst escalated an alert for a host beaconing to a suspicious domain
  • Incident (inc02): Alert on suspicious executable detected
  • Incident (inc03): Multiple failed logins to a VPN
  • Incident (inc04): Call from admin: unauthorized login
  • Incident (inc05): Call from admin: unauthorized login
  • Incident (inc06): Ops team reports a spike in firewall traffic
  • Task (task01): Email to security mailbox needs to be reviewed
  • Task (task02): Review new intelligence: search for indicators

Lab Environment

Dunder Mifflin’s security operations center is equipped with the latest analytic and workflow management tools. Your shift supervisor will demonstrate the tools you will use during your shift. These tools include:

  • SIEM
  • Endpoint threat detection tool
  • GRC Platform

Your instructor will demonstrate how to log in to the lab environment.