Understanding Cisco Cybersecurity Operations v1.0
CISCO網路安全維運
課程代碼
SECOPS
課程天數
5 天
課程概要
本課程協助學員了解Security Operations Center(SOC)的功能以及此環境所需的入門級技能和知識。 它側重於關聯級別的SOC分析師所需的入門級技能。 具體而言,了解基本威脅分析,事件關聯,識別惡意活動以及如何使用劇本(playbook)進行事件響應。
學習目標和取得技能
完成本課程後,您將能夠:
- 在SOC中定義SOC和各種工作角色
- 了解SOC基礎架構工具和系統
- 學習以威脅為中心的SOC的基本事件分析
- 探索可用於協助調查的資源
- 解釋基本事件關聯和規範化
- 描述常見的攻擊向量
- 了解如何識別惡意活動
- 理解劇本(playbook)的概念
- 描述並解釋事件響應手冊(handbook)
- 定義SOC度量標準的類型
- 了解SOC workflow管理系統和自動化
教學方式
CISCO認證講師指導
教材與實驗
CISCO原廠教材
課程適合對象
- Security Operations Center – Security Analyst
- Computer/Network Defense Analysts
- Computer Network Defense Infrastructure Support Personnel
- Future Incident Responders and Security Operations Center (SOC) personnel
- Students beginning a career, entering the cybersecurity field
- Cisco Channel Partners
前備知識
建議學生具備以下知識和技能:
- 曾研習Interconnecting Cisco Networking Devices Part 1 (ICND1)課程或同級知識
- 熟悉Windows操作系統
- 熟悉Cisco IOS網路和概念
課程大綱
Module 1: SOC Overview
- Lesson 1: Defining the Security Operations Center
- Lesson 2: Understanding NSM Tools and Data
- Lesson 3: Understanding Incident Analysis in a Threat-Centric SOC
- Lesson 4: Identifying Resources for Hunting Cyber Threats
Module 2: Security Incident Investigations
- Lesson 1: Understanding Event Correlation and Normalization
- Lesson 2: Identifying Common Attack Vectors
- Lesson 3: Identifying Malicious Activity
- Lesson 4: Identifying Patterns of Suspicious Behavior
- Lesson 5: Conducting Security Incident Investigations
Module 3: SOC Operations
- Lesson 1: Describing the SOC Playbook
- Lesson 2: Understanding the SOC Metrics
- Lesson 3: Understanding the SOC WMS and Automation
- Lesson 4: Describing the Incident Response Plan
- Lesson 5: Appendix A—Describing the Computer Security Incident Response Team
- Lesson 6: Appendix B—Understanding the use of VERIS
推薦課程
