Incident Response and Detection Training

Karen Scarfone
Latest posts by Karen Scarfone (see all)

Every technology user in your company needs to know how to spot possible cyber security incidents and report them. Detecting incidents sooner helps minimize harm to your coworkers, your company, your partners, and your customers. It can prevent an isolated problem from becoming tomorrow’s headline. Your incident responders and security operations staff have training for their roles in incident response. What about everyone else?

I have been helping organizations shape their approaches to incident response for over 20 years. I am thrilled to have had the opportunity to work with Deborah Nichols and her team at ELC Information Security on creating a new training course on cyber security incident response for users. This course brings together my decades of experience in incident response and detection, and the latest trends in threats and attacks to ensure your users get the information they truly need.

Your company’s users need training on identifying the most common types of incidents:

  • Ransomware, which can quickly escalate from infecting one computer to shutting down your entire enterprise and causing massive data breaches.
  • Social engineering, especially Business Email Compromise (BEC) attacks and other forms of phishing that cost companies billions of dollars per year.
  • Lost or stolen computers and credentials, which can give attackers easy entry to your systems and start larger attacks.
  • Accidental data leaks and breaches, like emailing sensitive information to the wrong person or distribution list.
  • Compromised resources, such as a customer mentioning that your company’s website is infected with malware.

Users also need to learn their responsibilities for incident reporting, especially:

  • How to report an incident
  • When to report an incident (spoiler alert: the answer is always “immediately”)
  • What information to provide when reporting an incident
  • What actions to take, like shutting down an infected computer

This course also fosters a corporate culture where it is OK to report incidents. Most incidents involve one or more mistakes. Failing to report an incident or trying to hide it for fear of getting into trouble only makes matters worse for everyone. The course also explains to users the possible consequences of failing to report an incident. Completion of the training can serve as users’ acceptance of their responsibilities.

For more information on the Incident Response course, click on the Role-Based Training link below. You can try a demo of the course and get more details on what it covers and how it works. ELC can also customize the course to reflect your company’s policies, procedures, and lingo so it is tailor-made for your users and a great companion to general security awareness training.