232 Incident Response courses

Duration 3 Days 18 CPD hours This course is intended for The intended audience for this course is information security and IT professionals, such as network administrators and engineers, IT managers, and IT auditors, and other individuals who want to learn more about information security, who are interested in learning in-depth information about information security management, who are looking for career advancement in IT security, or who are interested in earning the CISM certification. Overview Establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations. Identify and manage information security risks to achieve business objectives. Create a program to implement the information security strategy. Implement an information security program. Oversee and direct information security activities to execute the information security program. Plan, develop, and manage capabilities to detect, respond to, and recover from information security incidents. In this course, students will establish processes to ensure that information security measures align with established business needs. Prerequisites Information security governance Information risk management Information security program development Information security program management Incident management and response 1 - INFORMATION SECURITY GOVERNANCE * Develop an Information Security Strategy * Align Information Security Strategy with Corporate Governance * Identify Legal and Regulatory Requirements * Justify Investment in Information Security * Identify Drivers Affecting the Organization * Obtain Senior Management Commitment to Information Security * Define Roles and Responsibilities for Information Security * Establish Reporting and Communication Channels 2 - INFORMATION RISK MANAGEMENT * Implement an Information Risk Assessment Process * Determine Information Asset Classification and Ownership * Conduct Ongoing Threat and Vulnerability Evaluations * Conduct Periodic BIAs * Identify and Evaluate Risk Mitigation Strategies * Integrate Risk Management into Business Life Cycle Processes * Report Changes in Information Risk 3 - INFORMATION SECURITY PROGRAM DEVELOPMENT * Develop Plans to Implement an Information Security Strategy * Security Technologies and Controls * Specify Information Security Program Activities * Coordinate Information Security Programs with Business Assurance Functions * Identify Resources Needed for Information Security Program Implementation * Develop Information Security Architectures * Develop Information Security Policies * Develop Information Security Awareness, Training, and Education Programs * Develop Supporting Documentation for Information Security Policies 4 - INFORMATION SECURITY PROGRAM IMPLEMENTATION * Integrate Information Security Requirements into Organizational Processes * Integrate Information Security Controls into Contracts * Create Information Security Program Evaluation Metrics 5 - INFORMATION SECURITY PROGRAM MANAGEMENT * Manage Information Security Program Resources * Enforce Policy and Standards Compliance * Enforce Contractual Information Security Controls * Enforce Information Security During Systems Development * Maintain Information Security Within an Organization * Provide Information Security Advice and Guidance * Provide Information Security Awareness and Training * Analyze the Effectiveness of Information Security Controls * Resolve Noncompliance Issues 6 - INCIDENT MANAGEMENT AND RESPONSE * Develop an Information Security Incident Response Plan * Establish an Escalation Process * Develop a Communication Process * Integrate an IRP * Develop IRTs * Test an IRP * Manage Responses to Information Security Incidents * Perform an Information Security Incident Investigation * Conduct Post-Incident Reviews

This course covers incident response methods and procedures are taught in alignment with industry frameworks such as US-CERT's NCISP (National Cyber Incident Response Plan), and Presidential Policy Directive (PPD) 41 on Cyber Incident Coordination Policy.

Mastering the Digital Battlefield: Cyber Security Incident Handling and Incident Response Embark on a riveting journey into the heart of the digital battlefield with our course, 'Cyber Security Incident Handling and Incident Response.' In a world where the digital landscape is fraught with potential threats, mastering the art of incident response is your armor against cyber adversaries. This course is your compass through the intricate phases of incident handling, from meticulous preparation to the final thoughts that seal the breach. Each section is a chapter in your saga of becoming a digital guardian, equipping you with the skills to identify, contain, eradicate, and recover from cyber incidents. Unleash the hero within you as you navigate through real-world scenarios, honing your ability to respond swiftly and effectively to the ever-evolving challenges of the cyber realm. Enroll now to transform into a cyber sentinel, ready to face and conquer the dynamic landscape of digital threats. Learning Outcomes * Gain a comprehensive understanding of incident handling principles, laying the foundation for a robust cyber defense strategy. * Prepare effectively for potential cyber incidents, ensuring readiness to face and mitigate emerging threats. * Develop the skills to identify and classify cyber incidents, discerning their nature and potential impact. * Master the art of containment, eradicating threats effectively to prevent further damage. * Acquire the knowledge and techniques necessary for a swift and successful recovery from cyber incidents, minimizing downtime and impact. WHY CHOOSE THIS CYBER SECURITY INCIDENT HANDLING AND INCIDENT RESPONSE COURSE? 1. Unlimited access to the course for a lifetime. 2. Opportunity to earn a certificate accredited by the CPD Quality Standards and CIQ after completing this course. 3. Structured lesson planning in line with industry standards. 4. Immerse yourself in innovative and captivating course materials and activities. 5. Assessments designed to evaluate advanced cognitive abilities and skill proficiency. 6. Flexibility to complete the Course at your own pace, on your own schedule. 7. Receive full tutor support throughout the week, from Monday to Friday, to enhance your learning experience. 8. Unlock career resources for CV improvement, interview readiness, and job success. WHO IS THIS CYBER SECURITY INCIDENT HANDLING AND INCIDENT RESPONSE COURSE FOR? * IT professionals and cybersecurity enthusiasts looking to enhance their incident response skills. * Cybersecurity analysts aiming to deepen their understanding of incident handling. * System administrators and network security professionals seeking practical incident response knowledge. * Individuals aspiring to pursue a career in cybersecurity or incident response roles. * Small business owners and managers concerned about fortifying their digital infrastructure. CAREER PATH * Incident Responder: £35,000 - £60,000 * Cybersecurity Analyst: £30,000 - £55,000 * Security Consultant: £40,000 - £70,000 * Information Security Manager: £45,000 - £80,000 * Chief Information Security Officer (CISO): £70,000 - £120,000 * Digital Forensic Analyst: £35,000 - £65,000 PREREQUISITES This Cyber Security Incident Handling and Incident Response does not require you to have any prior qualifications or experience. You can just enrol and start learning.This Cyber Security Incident Handling and Incident Response was made by professionals and it is compatible with all PC's, Mac's, tablets and smartphones. You will be able to access the course from anywhere at any time as long as you have a good enough internet connection. CERTIFICATION After studying the course materials, there will be a written assignment test which you can take at the end of the course. After successfully passing the test you will be able to claim the pdf certificate for £4.99 Original Hard Copy certificates need to be ordered at an additional cost of £8. COURSE CURRICULUM Cyber Security Incident Handling and Incident Response Promo 00:05:00 Section 01: An Introduction to Incident Handling 1.1 Incident Handling 00:07:00 Section 02: Preparation for an Incident 2.1 Preparation of People and Policy 00:07:00 2.2 Team Building and Management 00:06:00 Section 03: Identification 3.1 Where Does Identification Occur? 00:06:00 3.2 What to Check? 00:07:00 Section 04: Containment 4.1 Deployment and Categorisation 00:05:00 4.2 Short-term and Long-term Actions 00:05:00 Section 05: Eradication 5.1 Restoring and Improving Defenses 00:05:00 Section 06: Recovery Phase 6.1 Validation and Monitoring 00:06:00 Section 07: Final Thoughts 7.1 Meet, Fix, and Share 00:06:00 Resources Resources - Cyber Security Incident Handling and Incident Response 00:00:00 Assignment Assignment - Cyber Security Incident Handling and Incident Response 00:00:00

Duration 5 Days 30 CPD hours This course is intended for This course is designed for people who are seeking to launch a career in cybersecurity. Overview Assess the security posture of an enterprise environment and recommend and implement appropriate security solutions; Monitor and secure hybrid environments, including cloud, mobile, and IoT; Operate with an awareness of applicable laws and policies, including principles of governance, risk, and compliance; Identify, analyze, and respond to security events and incidents. CompTIA Security+ is a global certification that validates the baseline skills necessary to perform core security functions and is the first security certification a candidate should earn. CompTIA Security+ establishes the core knowledge required of any cybersecurity role and provides a springboard to intermediate-level cybersecurity jobs. LESSON 1: SUMMARIZE FUNDAMENTAL SECURITY CONCEPTS * Security Concepts * Security Controls LESSON 2: COMPARE THREAT TYPES * Threat Actors * Attack Surfaces * Social Engineering LESSON 3: EXPLAIN CRYPTOGRAPHIC SOLUTIONS * Cryptographic Algorithms * Public Key Infrastructure * Cryptographic Solutions LESSON 4: IMPLEMENT IDENTITY AND ACCESS MANAGEMENT * Authentication * Authorization * Identity Management LESSON 5: SECURE ENTERPRISE NETWORK ARCHITECTURE * Enterprise Network Architecture * Network Security Appliances * Secure Communications LESSON 6: SECURE CLOUD NETWORK ARCHITECTURE * Cloud Infrastructure * Embedded Systems and Zero Trust Architecture LESSON 7: EXPLAIN RESILIENCY AND SITE SECURITY CONCEPTS * Asset Management * Redundancy Strategies * Physical Security LESSON 8: EXPLAIN VULNERABILITY MANAGEMENT * Device and OS Vulnerabilities * Application and Cloud Vulnerabilities * Vulnerability Identification Methods * Vulnerability Analysis and Remediation LESSON 9: EVALUATE NETWORK SECURITY CAPABILITIES * Network Security Baselines * Network Security Capability Enhancement LESSON 10: ASSESS ENDPOINT SECURITY CAPABILITIES * Implement Endpoint Security * Mobile Device Hardening LESSON 11: ENHANCE APPLICATION SECURITY CAPABILITIES * Application Protocol Security Baselines * Cloud and Web Application Security Concepts LESSON 12: EXPLAIN INCIDENT RESPONSE AND MONITORING CONCEPTS * Incident Response * Digital Forensics * Data Sources * Alerting and Monitoring Tools LESSON 13: ANALYZE INDICATORS OF MALICIOUS ACTIVITY * Malware Attack Indicators * Physical and Network Attack Indicators * Application Attack Indicators LESSON 14: SUMMARIZE SECURITY GOVERNANCE CONCEPTS * Policies, Standards, and Procedures * Change Management * Automation and Orchestration LESSON 15: EXPLAIN RISK MANAGEMENT PROCESSES * Risk Management Processes and Concepts * Vendor Management Concepts * Audits and Assessments LESSON 16: SUMMARIZE DATA PROTECTION AND COMPLIANCE CONCEPTS * Data Classification and Compliance * Personnel Policies ADDITIONAL COURSE DETAILS: Nexus Humans CompTIA Security Plus Certification (Exam SY0-601) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the CompTIA Security Plus Certification (Exam SY0-601) course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Register on the Cyber Security Incident Handling and Incident Response today and build the experience, skills and knowledge you need to enhance your professional development and work towards your dream job. Study this course through online learning and take the first steps towards a long-term career. The course consists of a number of easy to digest, in-depth modules, designed to provide you with a detailed, expert level of knowledge. Learn through a mixture of instructional video lessons and online study materials. Receive online tutor support as you study the course, to ensure you are supported every step of the way. Get a digital certificate as a proof of your course completion. The Cyber Security Incident Handling and Incident Response is incredibly great value and allows you to study at your own pace. Access the course modules from any internet-enabled device, including computers, tablet, and smartphones. The course is designed to increase your employability and equip you with everything you need to be a success. Enrol on the now and start learning instantly! WHAT YOU GET WITH THE CYBER SECURITY INCIDENT HANDLING AND INCIDENT RESPONSE * Receive a e-certificate upon successful completion of the course * Get taught by experienced, professional instructors * Study at a time and pace that suits your learning style * Get instant feedback on assessments  * 24/7 help and advice via email or live chat * Get full tutor support on weekdays (Monday to Friday) COURSE DESIGN The course is delivered through our online learning platform, accessible through any internet-connected device. There are no formal deadlines or teaching schedules, meaning you are free to study the course at your own pace. You are taught through a combination of * Video lessons * Online study materials CERTIFICATION After the successful completion of the final assessment, you will receive a CPD-accredited certificate of achievement. The PDF certificate is for £9.99, and it will be sent to you immediately after through e-mail. You can get the hard copy for £15.99, which will reach your doorsteps by post. WHO IS THIS COURSE FOR: The course is ideal for those who already work in this sector or are an aspiring professional. This course is designed to enhance your expertise and boost your CV. Learn key skills and gain a professional qualification to prove your newly-acquired knowledge. REQUIREMENTS: The online training is open to all students and has no formal entry requirements. To study the Cyber Security Incident Handling and Incident Response, all your need is a passion for learning, a good understanding of English, numeracy, and IT skills. You must also be over the age of 16. COURSE CONTENT Cyber Security Incident Handling and Incident Response Promo 00:05:00 Section 01: An Introduction to Incident Handling 1.1 Incident Handling 00:07:00 Section 02: Preparation for an Incident 2.1 Preparation of People and Policy 00:07:00 2.2 Team Building and Management 00:06:00 Section 03: Identification 3.1 Where Does Identification Occur? 00:06:00 3.2 What to Check? 00:07:00 Section 04: Containment 4.1 Deployment and Categorisation 00:05:00 4.2 Short-term and Long-term Actions 00:05:00 Section 05: Eradication 5.1 Restoring and Improving Defenses 00:05:00 Section 06: Recovery Phase 6.1 Validation and Monitoring 00:06:00 Section 07: Final Thoughts 7.1 Meet, Fix, and Share 00:05:00 Resources Resources - Cyber Security Incident Handling and Incident Response 00:00:00 FREQUENTLY ASKED QUESTIONS Are there any prerequisites for taking the course? There are no specific prerequisites for this course, nor are there any formal entry requirements. All you need is an internet connection, a good understanding of English and a passion for learning for this course. Can I access the course at any time, or is there a set schedule? You have the flexibility to access the course at any time that suits your schedule. Our courses are self-paced, allowing you to study at your own pace and convenience. How long will I have access to the course? For this course, you will have access to the course materials for 1 year only. This means you can review the content as often as you like within the year, even after you've completed the course. However, if you buy Lifetime Access for the course, you will be able to access the course for a lifetime. Is there a certificate of completion provided after completing the course? Yes, upon successfully completing the course, you will receive a certificate of completion. This certificate can be a valuable addition to your professional portfolio and can be shared on your various social networks. Can I switch courses or get a refund if I'm not satisfied with the course? We want you to have a positive learning experience. If you're not satisfied with the course, you can request a course transfer or refund within 14 days of the initial purchase. How do I track my progress in the course? Our platform provides tracking tools and progress indicators for each course. You can monitor your progress, completed lessons, and assessments through your learner dashboard for the course. What if I have technical issues or difficulties with the course? If you encounter technical issues or content-related difficulties with the course, our support team is available to assist you. You can reach out to them for prompt resolution.

Duration 1 Days 6 CPD hours This course is intended for This course is designed primarily for IT leaders and company executives who are responsible for complying with incident response legislation. This course focuses on the knowledge, resources, and skills necessary to comply with incident response, and incident handling process requirements. Overview In this course, you will understand, assess and respond to security threats and operate a system and network security analysis platform. You will: Explain the importance of best practices in preparation for incident response Given a scenario, execute incident response process Explain general mitigation methods and devices Assess and comply with current incident response requirements. This course covers incident response methods and procedures are taught in alignment with industry frameworks such as US-CERT?s NCISP (National Cyber Incident Response Plan), and Presidential Policy Directive (PPD) 41 on Cyber Incident Coordination Policy. It is ideal for candidates who have been tasked with managing compliance with state legislation and other regulatory requirements regarding incident response, and for executing standardized responses to such incidents. The course introduces procedures and resources to comply with legislative requirements regarding incident response. This course is designed to assist students in preparing for the CertNexus Incident Responder Credential (CIR-110). What you learn and practice in this course can be a significant part of your preparation. ASSESSMENT OF INFORMATION SECURITY RISKS * The Importance of Risk Management * Integrating Documentation into Risk Management RESPONSE TO CYBERSECURITY INCIDENTS * Deployment of Incident Handling and Response Architecture * Containment and Mitigation of Incidents * Preparation for Forensic Investigation as a CSIRT INVESTIGATING CYBERSECURITY INCIDENTS * Use a Forensic Investigation Plan * Securely Collect and Analyze Electronic Evidence * Follow Up on the Results of an Investigation COMPLYING WITH LEGISLATION * Examples of Legislation (if this is covered in above topics, no need to include here) GDPR, HIPPA, Elections * Case study: Incident Response and GDPR (Using GDPR legislation, create a response that is compliant with it ? this could be discussion-based activity as well.) STATE LEGISLATION RESOURCES AND EXAMPLE * Search terms to find state legislation * Using NYS as example use the NYS Privacy Response act or other legislation to create a similar case study as previous. * Provide answers on when to use federal versus state and do you have to follow both?

OVERVIEW This comprehensive course on Cyber Security Incident Handling and Incident Response will deepen your understanding on this topic. After successful completion of this course you can acquire the required skills in this sector. This Cyber Security Incident Handling and Incident Response comes with accredited certification from CPD, which will enhance your CV and make you worthy in the job market. So enrol in this course today to fast track your career ladder. HOW WILL I GET MY CERTIFICATE? You may have to take a quiz or a written test online during or after the course. After successfully completing the course, you will be eligible for the certificate. WHO IS THIS COURSE FOR? There is no experience or previous qualifications required for enrolment on this Cyber Security Incident Handling and Incident Response. It is available to all students, of all academic backgrounds. REQUIREMENTS Our Cyber Security Incident Handling and Incident Response is fully compatible with PC's, Mac's, Laptop, Tablet and Smartphone devices. This course has been designed to be fully compatible with tablets and smartphones so you can access your course on Wi-Fi, 3G or 4G. There is no time limit for completing this course, it can be studied in your own time at your own pace. CAREER PATH Learning this new skill will help you to advance in your career. It will diversify your job options and help you develop new techniques to keep up with the fast-changing world. This skillset will help you to- * Open doors of opportunities * Increase your adaptability * Keep you relevant * Boost confidence And much more! COURSE CURRICULUM 10 sections • 13 lectures • 01:04:00 total length •Promo: 00:05:00 •1.1 Incident Handling: 00:07:00 •2.1 Preparation of People and Policy: 00:07:00 •2.2 Team Building and Management: 00:06:00 •3.1 Where Does Identification Occur?: 00:06:00 •3.2 What to Check?: 00:07:00 •4.1 Deployment and Categorisation: 00:05:00 •4.2 Short-term and Long-term Actions: 00:05:00 •5.1 Restoring and Improving Defenses: 00:05:00 •6.1 Validation and Monitoring: 00:06:00 •7.1 Meet, Fix, and Share: 00:05:00 •Resources - Cyber Security Incident Handling and Incident Response: 00:00:00 •Assignment - Cyber Security Incident Handling and Incident Response: 00:00:00

Duration 1 Days 6 CPD hours This course is intended for Security IT business-level professionals interested in cloud security practices Security professionals with minimal to no working knowledge of AWS Overview Assimilate Identify security benefits and responsibilities of using the AWS Cloud Describe the access control and management features of AWS Explain the available methods for providing encryption of data in transit and data at rest when storing your data in AWS. Describe how to secure network access to your AWS resources Determine which AWS services can be used for monitoring and incident response This course covers fundamental AWS cloud security concepts, including AWS access control, data encryption methods, and how network access to your AWS infrastructure can be secured. Based on the AWS Shared Security Model, you learn where you are responsible for implementing security in the AWS Cloud and what security-oriented services are available to you and why and how the security services can help meet the security needs of your organization. Prerequisites Working knowledge of IT security practices and infrastructure concepts, familiarity with cloud computing concepts 1 - SECURITY ON AWS * Security design principles in the AWS Cloud * AWS Shared Responsibility Model 2 - SECURITY OF THE CLOUD * AWS Global Infrastructure * Data center security * Compliance and governance 3 - SECURITY IN THE CLOUD ? PART 1 * Identity and access management * Data protection essentials * Lab 01 ? Introduction to security policies 4 - SECURITY IN THE CLOUD ? PART 2 * Securing your infrastructure * Monitoring and detective controls * Lab 02 ? Securing VPC resources with Security Groups 5 - SECURITY IN THE CLOUD ? PART 3 * DDoS mitigation * Incident response essentials * Lab 03 ? Remediating issues with AWS Config Conformance Packs 6 - COURSE WRAP UP * AWS Well-Architected tool overview * Next Steps ADDITIONAL COURSE DETAILS: Nexus Humans AWS Security Essentials training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the AWS Security Essentials course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 5 Days 30 CPD hours This course is intended for The C|CT is ideal for anyone looking to start their career in cybersecurity or add a strong foundational understanding of the cybersecurity concepts and techniques required to be effective on the job. The course is especially well suited to: Early-career IT professionals, IT managers, career changers, and career advancers Students and recent graduates Overview After completing this course, you will understand: Key concepts in cybersecurity, including information security and network security Information security threats, vulnerabilities, and attacks The different types of malware Identification, authentication, and authorization Network security controls Network security assessment techniques and tools (threat hunting, threat intelligence, vulnerability assessment, ethical hacking, penetration testing, configuration and asset management) Application security design and testing techniques Fundamentals of virtualization, cloud computing, and cloud security Wireless network fundamentals, wireless encryption, and related security measures Fundamentals of mobile, IoT, and OT devices and related security measures Cryptography and public-key infrastructure Data security controls, data backup and retention methods, and data loss prevention techniques Network troubleshooting, traffic and log monitoring, and analysis of suspicious traffic The incident handling and response process Computer forensics and digital evidence fundamentals, including the phases of a forensic investigation Concepts in business continuity and disaster recovery Risk management concepts, phases, and frameworks EC-Council?s C|CT certification immerses students in well-constructed knowledge transfer. Training is accompanied by critical thinking challenges and immersive lab experiences that allow candidates to apply their knowledge and move into the skill development phase in the class itself. Upon completing the program, C|CT-certified professionals will have a strong foundation in cybersecurity principles and techniques as well as hands-on exposure to the tasks required in real-world jobs. COURSE OUTLINE * Information Security Threats and Vulnerabilities * Information Security Attacks * Network Security Fundamentals * Identification, Authentication, and Authorization * Network Security Controls: Administrative Controls * Network Security Controls: Physical Controls * Network Security Controls: Technical Controls * Network Security Assessment Techniques and Tools * Application Security * Virtualization and Cloud Computing * Wireless Network Security * Mobile Device Security * Internet of Things (IoT) and Operational Technology (OT) Security * Cryptography * Data Security * Network Troubleshooting * Network Traffic Monitoring * Network Log Monitoring and Analysis * Incident Response * Computer Forensics * Business Continuity and Disaster Recovery * Risk Management

Duration 3 Days 18 CPD hours This course is intended for This course is intended for security engineers, security architects, and information security professionals. Overview Identify security benefits and responsibilities of using the AWS Cloud Build secure application infrastructures Protect applications and data from common security threats Perform and automate security checks Configure authentication and permissions for applications and resources Monitor AWS resources and respond to incidents Capture and process logs Create and configure automated and repeatable deployments with tools such as AMIs and AWS CloudFormation This course demonstrates how to efficiently use AWS security services to stay secure in the AWS Cloud. The course focuses on the security practices that AWS recommends for enhancing the security of your data and systems in the cloud. The course highlights the security features of AWS key services including compute, storage, networking, and database services. You will also learn how to leverage AWS services and tools for automation, continuous monitoring and logging, and responding to security incidents. Prerequisites We recommend that attendees of this course have: * Working knowledge of IT security practices and infrastructure concepts * Familiarity with cloud computing concepts * Completed AWS Security Essentials and Architecting on AWS courses 1 - SECURITY ON AWS * Security in the AWS cloud * AWS Shared Responsibility Model * Incident response overview * DevOps with Security Engineering 2 - IDENTIFYING ENTRY POINTS ON AWS * Identify the different ways to access the AWS platform * Understanding IAM policies * IAM Permissions Boundary * IAM Access Analyzer * Multi-factor authentication * AWS CloudTrail 3 - SECURITY CONSIDERATIONS: WEB APPLICATION ENVIRONMENTS * Threats in a three-tier architecture * Common threats: user access * Common threats: data access * AWS Trusted Advisor 4 - APPLICATION SECURITY * Amazon Machine Images * Amazon Inspector * AWS Systems Manager 5 - DATA SECURITY * Data protection strategies * Encryption on AWS * Protecting data at rest with Amazon S3, Amazon RDS, Amazon DynamoDB * Protecting archived data with Amazon S3 Glacier * Amazon S3 Access Analyzer * Amazon S3 Access Points 6 - SECURING NETWORK COMMUNICATIONS * Amazon VPC security considerations * Amazon VPC Traffic Mirroring * Responding to compromised instances * Elastic Load Balancing * AWS Certificate Manager 7 - MONITORING AND COLLECTING LOGS ON AWS * Amazon CloudWatch and CloudWatch Logs * AWS Config * Amazon Macie * Amazon VPC Flow Logs * Amazon S3 Server Access Logs * ELB Access Logs 8 - PROCESSING LOGS ON AWS * Amazon Kinesis * Amazon Athena 9 - SECURITY CONSIDERATIONS: HYBRID ENVIRONMENTS * AWS Site-to-Site and Client VPN connections * AWS Direct Connect * AWS Transit Gateway 10 - OUT-OF-REGION PROTECTION * Amazon Route 53 * AWS WAF * Amazon CloudFront * AWS Shield * AWS Firewall Manager * DDoS mitigation on AWS 11 - SECURITY CONSIDERATIONS: SERVERLESS ENVIRONMENTS * Amazon Cognito * Amazon API Gateway * AWS Lambda 12 - THREAT DETECTION AND INVESTIGATION * Amazon GuardDuty * AWS Security Hub * Amazon Detective 13 - SECRETS MANAGEMENT ON AWS * AWS KMS * AWS CloudHSM * AWS Secrets Manager 14 - AUTOMATION AND SECURITY BY DESIGN * AWS CloudFormation * AWS Service Catalog 15 - ACCOUNT MANAGEMENT AND PROVISIONING ON AWS * AWS Organizations * AWS Control Tower * AWS SSO * AWS Directory Service