Handling Incident Management


This four-day course provides foundational knowledge for those in security-related roles who need to understand the functions of an incident management capability and how best to perform those functions.

It is recommended for those new to incident handling or security operations work.

The course introduces the basic concepts and functions of incident management. The course addresses where incident management activities fit in the information assurance or information security ecosystem and covers the key steps in the incident handling lifecycle.

Discussions include topics on security operations services, insider threats, and the nature of incident response activities. Course modules present standard practices to enable a resilient incident management capability. 

Course attendees will learn how to gather incident information, understand the technical issues related to commonly reported attack types, analyse and respond to sample incidents, apply critical thinking skills to incidents, and identify potential issues to avoid while managing incidents.

The course incorporates interactive instruction, in-class discussions, small group work, and practical exercises. Attendees have the opportunity to participate in sample incidents that they might face on a day-to-day basis in a group or team scenario/situation. 


This course will help participants to:

  • Detect and characterise various insider and outsider attack types
  • Develop a strategy for analysing and responding to complex or significant events and incidents within your organisation
  • Comprehend various methods for analysing artifacts and information left by an insider and also on a compromised system and issues involved with such analysis
  • Develop and execute cyber threat hunting goals, searching, and analysis
  • Obtain practical experience in the coordination of vulnerability handling tasks
  • Formulate and deliver effective publications and communications such as advisories, alerts, after-action reports, and management briefings

Topics Covered

  • Incident handling lifecycle and critical information review
  • New technologies and impacts on incident handling and mitigation
  • Discussion on the types of insider threats
  • Discussion of advanced persistent threats
  • Threat hunting processes and critical thinking
  • Vulnerability handling overview, including vulnerability disclosure
  • Analysing and coordinating responses to significant insider events and incidents
  • Developing and delivering compelling communications


By attending this course, you will benefit from the comprehensive content and interactive nature of the training. 

  • Gain solid understanding of the essential concepts and functions of incident management
  • Understanding incident management lifecycle
  • Integration of incident management with your existing security ecosystem
  • Technical skills enhancement
  • Critical thinking skills development
  • Insights into security operation services
  • Awareness of insider incidents
  • Development of a resilient incident management capability
  • Practical experiences through exercises

Who Should Attend

  • Current cybersecurity incident management
  • SOC staff
  • Insider threat practitioner


Before attending this course, participants should have the following experience:

  • At least six months of incident handling experience
  • Understanding the foundations of insider threat

Course Length:

Four days classroom instructor-led.

Special Arrangement:

This course may be offered by special arrangements at customer sites. For details, please contact course@insiderthreats.com.au.

Course Questions:

Email your query to course@insiderthreats.com.au.

Sign up for early access