A well-prepared and organized approach is key to addressing and managing the aftermath of a system failure, security breach, or cyberattack. In this course, you'll explore the fundamental principles an SRE needs to be familiar with when responding to and managing incidents. You'll identify the goals, requirements, best practices, and key players involved in incident management. You'll learn how to deal with managed and unmanaged incidents and what's involved in an incident response plan.
You'll identify incident response roles and responsibilities, and how to use incident metrics to manage incidents at scale. You'll outline what's involved in establishing a computer security incident response team (CSIRT), including each key team member's roles and responsibilities. Lastly, you'll examine what goes into an incident response policy.
summarize the requirements, goals, best practices, job roles, and tools involved in managing and responding to incidents
recognize the importance of incident response planning and the characteristics of incident response plans
describe what is meant by each one of the 'three Cs' of incident management (coordinate, communicate, and control)
restate the duties of the prominent job roles involved in incident response (Incident Commander, Communications Lead, and Operations Lead) as well as those of other, supporting roles
recognize the best practices for handling managed incidents
recognize the best practices for handling unmanaged incidents
describe why correctly declaring and classifying incidents is essential and when these activities should be carried out
assess why incident response training is necessary and list the responsibilities of an incident response analyst
outline tips and strategies for incident response preparation
outline how to go about practicing incident management processes and describe why these activities are important
outline how to use incident management data for measuring team performance and identify the KPIs to look out for
differentiate between the standard tools used for incident response
judge when to create a CSIRT and choose who should be on that team
identify the different purposes of the various roles on a CSIRT
describe the elements of an incident response policy