Cyberattacks can disrupt operations quickly, with potentially serious consequences, so they must be handled early and effectively. This training gives IT teams and SOC analysts an incident management methodology, familiarity with detection and learning tools, and practice in realistic simulations so that they respond better when an incident occurs.
Day 1 - Identification and management of cyber incidents
Morning – 9 AM to 12:30 PM
Introduction to Security Incident Management
• Definition and classification of cyber incidents.
• Lifecycle of a cybersecurity incident.
• Examples of recent attacks and impacts on businesses.
Methodology and Tools for Incident Detection
• Monitoring tools and anomaly detection (SIEM, EDR, IDS/IPS).
• Roles and responsibilities of teams in charge of responding to incidents.
• Identification of log sources and preliminary analysis.
Afternoon – 1:30 PM to 5 PM
Incident Response Procedures
• Steps for containment, eradication, and recovery.
• Coordination with internal and external stakeholders (ANSSI, CERT).
• Best practices for documenting and escalating an incident.
Case Studies and Hands-on Exercises
• Case study of a ransomware attack and an adequate response.
• Exercise for detecting an incident in real logs.
Day 2 - Incident Simulation and Crisis Management Plan
Morning – 9 AM to 12:30 PM
Introduction to Security Incident Management
• Real-time incident management exercise.
• Cyberattack simulation with participants taking the lead.
• Implementation of containment and eradication procedures.
Post-Mortem Analysis and Feedback
• Identification of errors and areas for improvement.
• Writing an incident report and action plan.
Afternoon – 1:30 PM to 5 PM
Development of a Cyber Crisis Management Plan
• Definition of roles and responsibilities.
• Communication internally and with external partners.
Lessons Learned and Best Practices
• Summary of acquired knowledge.
• Best practices and continuous improvement plan.
4,500 € before tax
Objective
Train teams to detect a cyber incident and respond effectively
Target audience
IT teams, SOC, system administrators
Level
Intermediate / Advanced
Duration
Two (2) days
This training is offered in partnership with Académie Cyber, an accredited organization. It is Qualiopi certified and eligible for CPF.

Application security and DevSecOps
A simple bug can be an entry point for a cyberattack. Make sure your developers implement the best practices from the OWASP Top 10.
Cloud environment security (AWS, Azure, Google Cloud)
Cloud solutions (AWS, Azure, Google Cloud…) open the door to many cyber risks. Protect your business from data leaks or attacks on APIs.