Incident Response and Detection Training

• Author
• Recent Posts

Karen Scarfone

Karen Scarfone is the Principal Consultant for Scarfone Cybersecurity. She develops cybersecurity-related publications for federal agencies, media companies, and other organizations. She was formerly a Senior Computer Scientist at the National Institute of Standards and Technology (NIST). Karen has co-authored over 100 NIST Special Publications and Interagency Reports on a wide variety of cybersecurity topics. In addition, she has co-authored or contributed to 16 books and published over 200 articles on cybersecurity topics. Karen holds master’s degrees in computer science and technical writing, and she has worked in IT for more than 30 years, with over 20 years of that dedicated to cybersecurity. In recognition of her work for federal agencies, Karen has received a Federal 100 award and Department of Commerce Gold Medal and Bronze Medal Awards.

Latest posts by Karen Scarfone (see all)

• Incident Response Planning - November 2, 2022
• Privileged Access Training - June 22, 2022
• Incident Response Training - June 21, 2022

Every technology user in your company needs to know how to spot possible cyber security incidents and report them. Detecting incidents sooner helps minimize harm to your coworkers, your company, your partners, and your customers. It can prevent an isolated problem from becoming tomorrow’s headline. Your incident responders and security operations staff have training for their roles in incident response. What about everyone else?

I have been helping organizations shape their approaches to incident response for over 20 years. I am thrilled to have had the opportunity to work with Deborah Nichols and her team at ELC Information Security on creating a new training course on cyber security incident response for users. This course brings together my decades of experience in incident response and detection, and the latest trends in threats and attacks to ensure your users get the information they truly need.

Your company’s users need training on identifying the most common types of incidents:

• Ransomware, which can quickly escalate from infecting one computer to shutting down your entire enterprise and causing massive data breaches.
• Social engineering, especially Business Email Compromise (BEC) attacks and other forms of phishing that cost companies billions of dollars per year.
• Lost or stolen computers and credentials, which can give attackers easy entry to your systems and start larger attacks.
• Accidental data leaks and breaches, like emailing sensitive information to the wrong person or distribution list.
• Compromised resources, such as a customer mentioning that your company’s website is infected with malware.

Users also need to learn their responsibilities for incident reporting, especially:

• How to report an incident
• When to report an incident (spoiler alert: the answer is always “immediately”)
• What information to provide when reporting an incident
• What actions to take, like shutting down an infected computer

This course also fosters a corporate culture where it is OK to report incidents. Most incidents involve one or more mistakes. Failing to report an incident or trying to hide it for fear of getting into trouble only makes matters worse for everyone. The course also explains to users the possible consequences of failing to report an incident. Completion of the training can serve as users’ acceptance of their responsibilities.

For more information on the Incident Response course, click on the Role-Based Training link below. You can try a demo of the course and get more details on what it covers and how it works. ELC can also customize the course to reflect your company’s policies, procedures, and lingo so it is tailor-made for your users and a great companion to general security awareness training.