FOR01 - Responding to a security incident

PROGRAM:

The IMS is the set of technical, organizational, legal and human means necessary and put in place to preserve, restore and guarantee the security of the information system. Thus, for any organization's manager, it is important to ensure that employees are aware of the issue and that effective and robust technical measures are in place to avoid any "unpleasant event" that could be economically dramatic in certain cases (loss of customer data, for example).

The risk of computer intrusion will never be zero, even for the most secure of information systems. Security incidents are the daily lot of the vast majority of companies that monitor a minimum of security events on their IS. Any detection of a suspicious event (virus alert, suspicious behavior, etc.) must be the trigger point for an incident response procedure that must be defined, applied and continuously improved. From the identification of the threat to the restoration of the impacted services, through the containment of the infection and its eradication, this training course introduces and deepens each step of an incident response, based on the experience of Synetis analysts. It includes organizational elements, such as crisis cell management or the development of a timeline, as well as the technical bases necessary to understand a digital investigation on various perimeters.