Security Operations Center and Management (SOC)

Duration 5 days
 
 
COURSE DESCRIPTION
 
This course covers the areas of security operations center including Network Security Monitoring, Cyber Attacks, Incident Response, Digital Forensics, Exercises and Self-Practice. This course also provides the process of designing the SOC and the associated objectives of functional areas, software and hardware technology required for performance of functions, as well as knowledge, skills and abilities of staff roles.
 
COURSE OUTLINE
Topic 1: Design and Build the Security Operations Center 
  • Explains how to develop and build a Security Operations Center 
  • Shows how to gather the intelligence needed to protect your organization 
  • Defining an operations center 
  • Purpose of the operations center 
  • Emergency operations center 
  • Mission operations center 
  • Threat operations center 
  • Network operations center 
Topic 2: Roles of Staff, and How to operate the Security Operations Center 
  • People, Processes, and Technology 
  • SOC Duties and Training Needs 
  • The role of incident responders and SOC analysts 
  • Supporting scenarios for incident response, such as outsourcing (via managed security service providers, or MSSPs) or contracting specialists to provide surge incident response (IR) support 
Topic 3: Vulnerabilities and Risk Assessment 
  • Describe a vulnerability assessment methodology and conduct a vulnerability assessment 
  • Describe a general risk assessment methodology and conduct a risk assessment 
  • Describe the development and use of a risk reduction strategy 
  • Describe the relationships among the terms threat, vulnerability, likelihood and consequence 
  • Describe the roles and responsibilities of organizations involved in vulnerability and risk identification and assessments, and risk mitigation 
Topic 4: Incident Response and Handling 
  • Provide the fundamental skills to handle and respond to computer security incidents in an information system 
  • Address various underlying principles and techniques for detecting and responding to current and emerging computer security threats 
  • Learn how to handle various types of incidents, risk assessment methodologies, and various laws and policies related to incident handling 
  • Create incident handling and response policies as well as deal with various types of computer security incidents 
 
Topic 5: Network Security Monitoring Team (NSM) 
  • Design a security architecture that enhances visibility and detective capabilities 
  • Learn the approach and goals of monitoring and define a methodology for analysis 
  • Learn how to look at the data and continuously monitor the enterprise for evidence of compromise or changes that increase the likelihood of compromise 
  • Provide some key terms such as Network Security Monitoring (NSM), Continuous Diagnostics and Mitigation (CDM), and Continuous Security Monitoring (CSM) 
  • Study how to enable continuous monitoring by developing a model for employing robust NSM 
Topic 6: Tools for Packet Capture and Analysis 
  • Learn the techniques to capture and analyze network traffic from intruders 
  • Intercept and log traffic that passes over a digital network or part of a network. 
  • Analyze network problems 
  • Detect network intrusion attempts 
  • Gain information for effecting a network intrusion 
  • Monitor network usage (including internal and external users and systems) 
  • Monitor WAN and endpoint security status 
  • Gather and report network statistics 
  • Filter suspect content from network traffic 
  • Spy on other network users and collect sensitive information such as login details or users’ cookies (depending on any content encryption methods that may be in use) 
  • Verify internal control system effectiveness (firewalls, access control, Web filter, spam filter, proxy) 
Topic 7: Handling Network Security and Cyber Attack Incidents 
  • Provides guidelines for incident handling, particularly for analyzing incident-related data from network traffic and cyber attacks 
  • Learn how to determine the appropriate response to an incident 
  • Hands-on lab exercises and practices 
Topic 8: Handling Malicious Code Incidents 
  • Provides guidelines for incident handling, particularly for analyzing incident-related data from malware and malicious code 
  • Learn how to determine the appropriate response to an incident 
  • Tools for examining and analyzing malware 
  • Hands-on lab exercises and practices 
Topic 9: Digital Forensics: Examination and Recovery Techniques 
  • Learn the techniques to acquire, examine, and recover digital evidence 
  • Perform the essential duties of a forensic examiner 
  • Prepare for and execute digital forensic investigations on Windows-based systems 
  • Apply forensic methodologies to preserve, acquire, extract, and analyze information of investigative importance 
  • Identify and analyze key Windows artifacts of investigative importance 
  • Hands-on lab exercises and practices 
Topic 10: Network Security Challenges, Exercises, and Self-Practice 

COURSE DURATION

5 Days

PRICE LIST

35,000 Baht
Special Offer: Contact us

AVAILABLE SCHEDULE

17 - 21 Feb 2020
18 - 22 May 2020
17 - 21 Aug 2020
23 - 27 Nov 2020