+49 (911) 80 10 30

Give us a call or have us call you back!

Simply leave a message with your callback appointment

Your Name *

Your phone number *

Callback date *

Callback time *

Your request *

In order to process your request, it is necessary to process the data you provide. This means that by submitting the contact form, you consent to your data being processed (see Privacy Policy). You can object to the processing of your data at any time.

* All fields marked with an asterisk are mandatory fields.
Send a message

Your Name *

Your email *

Your phone number

Your request *

In order to process your request, it is necessary to process the data you provide. This means that by submitting the contact form, you consent to your data being processed (see Privacy Policy). You can object to the processing of your data at any time.*

* All fields marked with an asterisk are mandatory fields.
Social Media

Share page

SC190: Information Security Incident Management

Training: Security - Business Continuity

Participants receive a practical introduction to incident handling. The course covers the fundamentals of incident detection and analysis, identifying attacks in the network, as well as handling clients and servers. It addresses how to distinguish support cases caused by user errors from actual attacks and how effective response capabilities are trained through exercises.

Appointment selection

Appointments in German language


Online training	2025-10-16 \| 10:00 am	2025-10-17 \| 05:00 pm	Online
Online training	2026-03-09 \| 10:00 am	2026-03-10 \| 05:00 pm	Online
Online training	2026-10-19 \| 10:00 am	2026-10-20 \| 05:00 pm	Online

Possible course languages: German

Request prefered appointment period:

Your Name *

Your email *

Your phone number

Preferred period from *

Preferred period to *

Number of participants *

Your message

* All fields marked with an asterisk are mandatory fields.

Online training

Start: 2025-10-16 | 10:00 am

End: 2025-10-17 | 05:00 pm

Location: Online

Price: 1.400,00 € plus VAT.

Online training

Start: 2026-03-09 | 10:00 am

End: 2026-03-10 | 05:00 pm

Location: Online

Price: 1.400,00 € plus VAT.

Online training

Start: 2026-10-19 | 10:00 am

End: 2026-10-20 | 05:00 pm

Location: Online

Price: 1.400,00 € plus VAT.

Request prefered appointment period:

Your Name *

Your email *

Your phone number

Preferred period from *

Preferred period to *

Number of participants *

Your message

* All fields marked with an asterisk are mandatory fields.

Agenda:

Module 1:
- Presentation of a multi-stage attack on an information network
- Mutual interaction of attack and defense
- Importance of the timeline for rapid incident detection
- Principles and guidelines of IR management
- Establishment of a reliable reporting chain and first response
Module 2:
- Live demo of attacks on Windows and Linux machines
- Triage process by IT-Ops and subsequent SOC and CSIRT
- Sec-Ops Forensics 1: Tracing in Windows machines
- Sec-Ops Forensics 2: Tracing in Linux machines
- Sec-Ops Forensics 3: Tracing in OT
- Remediation of infected systems
Module 3:
- Attacks on the network from outside and inside
- The importance of delivery and command & control servers
- Sec-Ops Forensics 4: Tracing in distributed LDAP and AD services
- Sec-Ops Forensics 5: Tracing in networks and firewalls
- Sec-Ops Forensics 3: Detecting ICMP/DNS tunnels and backdoors
- Best practices and validation of attack sources
Module 4:
- Individual deep dive into topics from Modules 1-3
- Practical exercise: Handling security incidents
- Experience exchange
For in-house training/closed courses conducted online, we are happy to accommodate your individual scheduling preferences. We can conduct the course over four days with 4 hours each instead of two days with 8 hours each.
Contact us!

Objectives:

Upon completion of the workshop, you will be able to identify security incidents or disruptions and initiate appropriate measures to restore operations as quickly as possible. You will gain an in-depth understanding and learn especially the implementation and operation of an Information Security Incident Management process to apply the learned and developed topics within the company.

After the course, you will be able to map a resilient and efficient incident response process from the reporting process, through isolation and identification, to remediation and documentation.

Target audience:

Responsible for Information Security, as well as IT Operations, Incident Managers, and Process Owners.

Prerequisites:

Basic knowledge of information security, understanding of day-to-day IT operations. There is no formal assessment of entry requirements.

Description:

Most incidents start quite innocuously. A user opens a ticket, the helpdesk addresses the issue after a while. Then the technician becomes nervous, informs their manager, and they also become nervous.

Is it an attack or an error – what impacts and damages are to be expected and what measures need to be initiated now? You will learn this and more in this workshop, which is divided into 4 areas:

Incident detection and general principles of disturbance or incident acceptance
Identifying attacks in the network
Incidents with clients and servers
You are part of a workshop where you consolidate and practice what you have learned

The majority of incidents received by IT support are due to user errors or have technical causes. In daily operations, technicians have become accustomed to working through a queue, similar to a doctor's waiting room. In this process, IT support is often also the emergency room. So how do you recognize the urgent cases? How should you react now?