CSX Practitioner: Course 3 LENGTH DELIVERY METHOD

Respond and Recover 40

HOURS

DAY 1 LESSON
Defined Response Plan Execution
LAB ASSOCIATED TOPICS
> IR Reputation Databases
Incident Response > IR Procedure
Remove Trojan > Real Time Blacklists
Escalation Procedures
System Adverse Effects to Open and Close Ports > Whitelists
Incident Response on Windows 7
Disable User Accounts
Network Isolation
on Windows 7
Block Incoming Traffic CSX Practitioner: Course 3

Respond and
Disable User Accounts
on Known Ports

DAY 2 LESSON LAB ASSOCIATED TOPICS

Blocking Traffic
Assess and Unplug
System Configuration Changes
and Supplemental Monitoring
IR Documentation and Preservation
Incident Report
Recover
Implement Single System Changes > IR Procedure
Conduct Supplemental Monitoring > IR Drafting
> IR Frameworks
Create Custom Snort Rules
Install EMET and Edit Host Files
Comprehensive Assessment

DAY 3
™

LESSON
Industry Best Practices
LAB ASSOCIATED TOPICS
> Business Unit Integration
P
Disaster Recovery and > Third Party Connection Certified Cybersecurity Practitioner
Business Continuity Mechanisms
Cyber System Restoration > Warm Site/Cold Site
Data Backup and Restoration Configurations
Patches and Updates > Data Preservation
Key Concepts

DAY 4 LESSON
Backup Site Preparation
LAB ASSOCIATED TOPICS
> Network Access Control
and Utilization > Data Loss Prevention
Data Management > Encryption Controls
Actualizing Data Backups
and Recovery
Implementing Patches and Updates Data Backup and Recovery

DAY 5 LESSON
Ensuring Data Integrity
LAB ASSOCIATED TOPICS
> NIST Procedures
Deficiency and Error Reporting > ISO Procedures
> Team Input
Post Incident Review
> AAR Generation
Recovering Data and Data
Reset and Prep for Future Events Integrity Checks
Temporary Control and Fix
Review and Implementation

https://cybersecurity.isaca.org © 2016 ISACA ALL RIGHTS RESERVED.

 ™
CSX Practitioner: Course 3

P Respond and Recover

Certified Cybersecurity Practitioner
Cybersecurity Nexus (CSX) Training Courses are the perfect
™ hands-on instruction, backed up by lab sequences, in the
way to build and hone critical skills in cyber security, and
prepare you for the next level in your career.
The CSX Practitioner Series offers three unique, week-long
courses conducted in an adaptive, performance-based
Course Overview Classroom-Based Instruction Topics
The final course in the CSX Practitioner Series provides
> IRP Execution
Respond and Recover domains.
> System Containment Response
> Asset Quarantine
The Respond domain shows students the basic concepts, > IDS/IPS Response Configuration
> Incident Response Documentation
methods and tools required to draft and execute comprehensive
> Incident Response Protocol Procedure
incident response plans, provide proper isolation response
documentation, and how to document and maintain information > Incident Response Drafting
related to Incident Response. > Disaster Recovery Plan/Business Continuity
Plan Task Identification
In the Recover domain, students will master the basic > System Restore Processes

cyber laboratory environment. Students will have hands-on concepts, methods and tools required to recuperate a system
or network, as well as learn how to implement continuity and
> Site Configuration
> System Backup
instruction and practice in applying basic concepts and contingency plans. > System Restoration
> Network Backup Procedures
industry-leading methods and in utilizing a large array of Course Learning Objectives > Data Integrity Check
Provide students with an environment to discuss and practice > Procedures/Documentation
open source tools within real-world scenarios. methods implemented by cyber security professionals in the > Post-Incident Review Process
Respond and Recover domains. Ensure students develop into > Compromised Asset Quarantine
Each course utilizes PerformanScore , a learning and
®
complimentary team members for enterprises who are > Rapid Response IDS/IPS Configuration
workforce ready. > Incident Response Component Identification
development tool that measures a professional’s ability to
perform specific cyber security job tasks and enables the Training Notes
Provided during the training session and shall be retained
Lab Topics
instructor to provide the student with immediate feedback. by the students. > IRP Component Assessment
> Compromised Asset Containment
Recommended Participants > Incident Response Procedure Identification
The courses help students build skills necessary to be Individuals in the field of cyber security who are interested > Incident Response Draft Generation

successful in a variety of cyber security-related positions, in learning hands-on technical skills. > System Restoration
> Backups
and to earn the related CSX Practitioner certification. Course Structure > Integrity Check Process
> Classes consist of at least 50% hands-on lab exercises. > Incident Response Technical Actions
> Lessons and lectures are comprised of up-to-date
coursework and demonstrations.