Enable information systems professionals to manage security as an end-to-end discipline—preventing breaches, organizing the right response teams, running effective incident plans, and restoring operations to a safe state with audit-ready evidence.
A practical program that blends governance, architecture hardening, monitoring, and incident response. Participants learn how to design their security operating model, stand up the right teams and playbooks, detect and contain active threats, coordinate recovery, and communicate with stakeholders. Labs and templates focus on real scenarios such as active intrusion, ransomware, data exfiltration, and business email compromise.
Target Group
Information systems and IT security practitioners
System, network, and cloud administrators
SOC analysts and incident responders
IT managers, service owners, and project leads
Risk, compliance, legal/privacy, and audit partners supporting security
Goals
Define a security management operating model aligned to business risk and compliance
Design team structures, roles, and RACI for prevention, detection, response, and recovery
Build playbooks for identification, containment, eradication, recovery, and post-incident learning
Establish monitoring with clear use cases, thresholds, and escalation paths
Coordinate crisis communications, legal/privacy steps, and stakeholder updates
Measure performance with meaningful KPIs and drive continuous improvement
Target Competencies
Security governance, risk assessment, and operating-model design
Incident response leadership, team structuring, and RACI application
Detection engineering, SOC operations, and threat hunting
Digital forensics fundamentals and evidence stewardship
Crisis communication, legal/privacy coordination, and stakeholder management
Recovery orchestration, resilience planning, and continuous improvement
Outlines
Security Leadership, Governance & Risk
Policy framework and control baselines mapped to recognized standards
Risk assessment and asset classification tied to business impact
Security operating model, charters, and decision rights for leaders and teams
Third-party and supply-chain risk management, contracts, and assurance
Metrics and reporting cadence for executives and audit committees
Building the Incident Response Organization
Team design: incident commander, SOC tiers, incident handlers, threat intel, forensics, IT ops/network, application owners, legal/privacy, communications, business continuity
Roles and responsibilities using RACI; on-call structure and escalation ladders
War-room rhythm, out-of-band communications, and decision logs
Evidence handling and chain of custody for defensible investigations
Readiness drills: tabletops, playbook walkthroughs, and red/purple-team exercises