7 Replies. Latest reply: Aug 15, 2018 3:45 PM by Milan

    Incident Response Methodology (What to do when an intrusion happens)


      While browsing around these days I try to read and digest as much as I can about the topics of the certification.

      The following is a list of cheat sheets based on different situations like:


      • IRM-1: Worm Infection
      • IRM-2: Windows Intrusion
      • IRM-3: Unix Intrusion
      • IRM-4: DDoS
      • IRM-5: Malicious Network Behaviour
      • IRM-6: Website Defacement
      • IRM-7: Windows Malware Detection
      • IRM-8: Blackmail
      • IRM-9: Smartphone Malware
      • IRM-10: Social Engineering
      • IRM-11: Information Leakage
      • IRM-12: Insider Abuse
      • IRM-13: Phishing
      • IRM-14: Scam
      • IRM-15: Trademark Infringement
      • IRM-17: Ransomware


      The PDF files of all those methodologies can be downloaded here:



      Source of the methodologies is CERT Societe Generale.

      I hope if possible it can be added to the list of study materials in this page: SECOPS Study Material

      Maybe Matt or Rigo can help with that.



      Also NIST's Incident response guide: