Malware Analysis & Incident Response for IT Technicians
Over this course, we’ll be covering some of the ways that you can prevent and respond to IT security incidents, such as a ransomware attack, on your organisation’s network. Course topics include the following:
* An explanation of the key differences between malware analysis and incident response
* Known malware, online file analysis and tools that can be used to analyse running processes
* Unknown malware and how to recognise suspicious files, using heuristic activity detection and vulnerability analysis
* Incident prevention methods, including securing removable storage and an explanation of email filtering and analysis tools.
* Incident response methods, such as escalation procedures and service priorities.
Note that, in the real world, protecting against and reacting to security incidents is something that is unique to every organisation, taking into account its size and service priorities. For example, a company that hosts some websites internally may focus on getting them back online first, and then move onto getting internal staff back online, or vice versa.
Before making any critical changes to your organisation’s network, it is critical that that this is done in accordance with your company’s policies, as this will ensure that incidents are resolved as smoothly as possible, and with the least amount of downtime and inconvenience to end users.