Implementing Cisco Cybersecurity Operations v1.0

This course allows learners to understand how a Security Operations Center (SOC) functions and the introductory-level skills and knowledge needed in this environment. It focuses on the introductory-level skills needed for a SOC Analyst at the associate level. Specifically, understanding basic threat analysis, event correlation, identifying malicious activity, and how to use a playbook for incident response.

Course Objectives

Upon completion of this course, you will be able to:

• Define a SOC and the various job roles in a SOC
• Understand SOC infrastructure tools and systems
• Learn basic incident analysis for a threat centric SOC
• Explore resources available to assist with an investigation
• Explain basic event correlation and normalization
• Describe common attack vectors
• Learn how to identifying malicious activity
• Understand the concept of a playbook
• Describe and explain an incident respond handbook
• Define types of SOC Metrics
• Understand SOC Workflow Management system and automation

Who Should Attend

• Security Operations Center – Security Analyst
• Computer/Network Defense Analysts
• Computer Network Defense Infrastructure Support Personnel
• Future Incident Responders and Security Operations Center (SOC) personnel
• Students beginning a career, entering the cybersecurity field
• Cisco Channel Partners

Prerequisites

It is recommended, but not required, that students have the following knowledge and skills:

• Skills and knowledge equivalent to those learned in Interconnecting Cisco Networking Devices Part 1 (ICND1)
• Working knowledge of the Windows operating system
• Working knowledge of Cisco IOS networking and concepts

Course Outline

Module 1: SOC Overview

• Lesson 1: Defining the Security Operations Center
• Lesson 2: Understanding NSM Tools and Data
• Lesson 3: Understanding Incident Analysis in a Threat-Centric SOC
• Lesson 4: Identifying Resources for Hunting Cyber Threats

Module 2: Security Incident Investigations

• Lesson 1: Understanding Event Correlation and Normalization
• Lesson 2: Identifying Common Attack Vectors
• Lesson 3: Identifying Malicious Activity
• Lesson 4: Identifying Patterns of Suspicious Behavior
• Lesson 5: Conducting Security Incident Investigations

Module 3: SOC Operations

• Lesson 1: Describing the SOC Playbook
• Lesson 2: Understanding the SOC Metrics
• Lesson 3: Understanding the SOC WMS and Automation
• Lesson 4: Describing the Incident Response Plan
• Lesson 5: Appendix A—Describing the Computer Security Incident Response Team
• Lesson 6: Appendix B—Understanding the use of VERIS