Certified SOC-Analyst (CSA)

Agenda SOC Essential Concepts

• Computer Network Fundamentals
• TCP/IP Protocol Suite
• Application Layer Protocols
• Transport Layer Protocols
• Internet Layer Protocols
• Link Layer Protocol
• IP Addressing and Port Numbers
• Network Security Controls
• Network Security Devices
• Windows Security
• Unix/Linux Security
• Web Application Fundamentals
• Information Security Standards, Laws and Acts

Security Operations and Management

• Security Management
• Security Operations
• Security Operations Center (SOC)
• Need of SOC
• SOC Capabilities
• SOC Operations
• SOC Workflow
• Components of SOC: People, Process and Technology
• People
• Technology
• Processes
• Types of SOC Models
• SOC Maturity Models
• SOC Generations
• SOC Implementation
• SOC Key Performance Indicators (KPI) and Metrics
• Challenges in Implementation of SOC
• Best Practices for Running SOC
• SOC vs NOC

Understanding Cyber Threats, IoCs, and Attack Methodology

• Cyber Threats
• Intent-Motive-Goal
• Tactics-Techniques-Procedures (TTPs)
• Opportunity-Vulnerability-Weakness
• Network Level Attacks
• Host Level Attacks
• Application Level Attacks
• Email Security Threats
• Understanding Indicators of Compromise (IoCs)
• Understanding Attacker’s Hacking Methodology

Incidents, Events, and Logging

• Incident
• Event
• Log
• Typical Log Sources
• Need of Log
• Logging Requirements
• Typical Log Format
• Logging Approaches
• Local Logging
• Centralized Logging

Incident Detection with Security Information and Event Management (SIEM)

• Security Information and Event Management(SIEM)
• Security Analytics
• Need of SIEM
• Typical SIEM Capabilities
• SIEM Architecture and Its Components
• SIEM Solutions
• SIEM Deployment
• Incident Detection with SIEM
• Examples of commonly Used Use Cases Across all SIEM deployments
• Handling Alert Triaging and Analysis

Enhanced Incident Detection with Threat Intelligence

• Understanding Cyber Threat Intelligence
• Why Threat Intelligence-driven SOC?

Incident Response

• Incident Response
• Incident Response Team (IRT)
• Where Does IRT Fits in the Organization?
• SOC and IRT Collaboration
• Incident Response (IR) Process Overview
• Step 1: Preparation for Incident Response
• Step 2: Incident Recording and Assignment
• Step 3: Incident Triage
• Step 4: Notification
• Step 5: Containment
• Step 6: Evidence Gathering and Forensic Analysis
• Step 7: Eradication
• Step 8: Recovery
• Step 9: Post-Incident Activities
• Responding to Network Security Incidents
• Responding to Application Security Incidents
• Responding to Email Security Incidents
• Responding to an Insider Incidents
• Responding to Malware incidents

Voraussetzungen

Für eine optimale Teilnahme am Kurs empfehlen wir folgende Vorkenntnisse:

• 1 Jahr Berufserfahrung im Bereich Network Admin/ Sicherheit haben und sollte diese im Rahmen des Bewerbungsprozesses nachweisen können Es sei denn, der Kandidat nimmt an einer offiziellen Schulung teil.

Zielgruppe

• SOC-Analysten
• Netzwerk- und Security-Administratoren
• Netzwerk- und Security-Ingenieure
• Netzwerk-Security-Spezialist
• Security Experten
• Cybersecurity Analyst