SC190: Information Security Incident Management

Training: Security - Business Continuity

Participants receive a practical introduction to incident handling. The course covers the fundamentals of incident detection and analysis, identifying attacks in the network, as well as handling clients and servers. It addresses how to distinguish support cases caused by user errors from actual attacks and how effective response capabilities are trained through exercises.

Online training

Start: 2025-10-16 | 10:00 am

End: 2025-10-17 | 05:00 pm

Location: Online

Price: 1.400,00 € plus VAT.

Online training

Start: 2026-03-09 | 10:00 am

End: 2026-03-10 | 05:00 pm

Location: Online

Price: 1.400,00 € plus VAT.

Online training

Start: 2026-10-19 | 10:00 am

End: 2026-10-20 | 05:00 pm

Location: Online

Price: 1.400,00 € plus VAT.

Agenda:

  • Module 1:
    • Presentation of a multi-stage attack on an information network
    • Mutual interaction of attack and defense
    • Importance of the timeline for rapid incident detection
    • Principles and guidelines of IR management
    • Establishment of a reliable reporting chain and first response

  • Module 2:
    • Live demo of attacks on Windows and Linux machines
    • Triage process by IT-Ops and subsequent SOC and CSIRT
    • Sec-Ops Forensics 1: Tracing in Windows machines
    • Sec-Ops Forensics 2: Tracing in Linux machines
    • Sec-Ops Forensics 3: Tracing in OT
    • Remediation of infected systems

  • Module 3:
    • Attacks on the network from outside and inside
    • The importance of delivery and command & control servers
    • Sec-Ops Forensics 4: Tracing in distributed LDAP and AD services
    • Sec-Ops Forensics 5: Tracing in networks and firewalls
    • Sec-Ops Forensics 3: Detecting ICMP/DNS tunnels and backdoors
    • Best practices and validation of attack sources

  • Module 4:
    • Individual deep dive into topics from Modules 1-3
    • Practical exercise: Handling security incidents
    • Experience exchange

  • For in-house training/closed courses conducted online, we are happy to accommodate your individual scheduling preferences. We can conduct the course over four days with 4 hours each instead of two days with 8 hours each.
    Contact us!

Objectives:

Upon completion of the workshop, you will be able to identify security incidents or disruptions and initiate appropriate measures to restore operations as quickly as possible. You will gain an in-depth understanding of how to implement and operate an Information Security Incident Management process, so that you can apply what you have learned and developed within your company.

After the course, you will be able to map a resilient and efficient incident response process from the reporting process, through isolation and identification, to remediation and documentation.

Target audience:

Those responsible for Information Security, as well as IT Operations, Incident Managers, and Process Owners.

Prerequisites:

Basic knowledge of information security, understanding of day-to-day IT operations. There is no formal assessment of entry requirements.

Description:

Most incidents start quite innocuously. A user opens a ticket, the helpdesk addresses the issue after a while. Then the technician becomes nervous, informs their manager, and they also become nervous.

Is it an attack or an error – what impacts and damages are to be expected and what measures need to be initiated now? You will learn this and more in this workshop, which is divided into 4 areas:

  • Incident detection and general principles of disturbance or incident acceptance
  • Identifying attacks in the network
  • Incidents with clients and servers
  • You are part of a workshop where you consolidate and practice what you have learned


The majority of incidents received by IT support are due to user errors or have technical causes. In daily operations, technicians have become accustomed to working through a queue, similar to a doctor's waiting room. In this process, IT support is often also the emergency room. So how do you recognize the urgent cases? How should you react now?

Guaranteed to take place:

from 2 attendees

Booking information

Price:

1.400,00 € plus VAT.

(including lunch & drinks)
