7 Replies Latest reply: Aug 15, 2018 3:45 PM by Milan

    Incident Response Methodology (What to do when an intrusion happens)

    Shelldon.Copper

      While browsing around these days I try to read and digest as much as I can about the topics of the certification.

      The following is a list of cheat sheets based on different situations like:


      • IRM-1: Worm Infection
      • IRM-2: Windows Intrusion
      • IRM-3: Unix Intrusion
      • IRM-4: DDoS
      • IRM-5: Malicious Network Behaviour
      • IRM-6: Website Defacement
      • IRM-7: Windows Malware Detection
      • IRM-8: Blackmail
      • IRM-9: Smartphone Malware
      • IRM-10: Social Engineering
      • IRM-11: Information Leakage
      • IRM-12: Insider Abuse
      • IRM-13: Phishing
      • IRM-14: Scam
      • IRM-15: Trademark Infringement
      • IRM-17: Ransomware


      The PDF files of all those methodologies can be downloaded here:

      https://github.com/certsocietegenerale/IRM/raw/master/EN/IRM_English_Pack.zip


      Source of the methodologies is CERT Societe Generale.

      I hope it can be added, if possible, to the list of study materials on this page: SECOPS Study Material

      Maybe Matt or Rigo can help with that.


      UPDATE:

      Also, NIST's incident response guide:

      http://www.csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf