After a rocky start with Week 1, we are now onto Week 2.
During Week 1, the focus was on two questions: “what is an incident?” and “what are the basic steps in an attack?” There are various attack life cycles: the Mandiant Attack Life Cycle and Lockheed Martin’s Cyber Kill Chain methodology. While they are similar, there are some differences. The two methodologies emphasize different aspects of an attack life cycle. The Kill Chain methodology’s emphasis on weaponization and delivery is very crucial. Mandiant’s life cycle focuses on the steps after the initial breach.
This week, we will assume that a breach has occurred. The discussion will cover the processes that need to exist to deal with a breach. We will discuss the roles of the Help Desk, SOC, CSIRT, etc.