    CSIS is the Professional Advanced Level Incident Response/Forensic Acquisition Certification.

    Prove your range of specialist knowledge and real-world skills to deal effectively with incident response by earning the CSIS certification. Building on the knowledge gained from CSTA, CSTP, CFIP & CMI certifications, CSIS extends your expertise beyond the CMI certification.

    CSIS Exam Syllabus

    1. Introduction to Incident Response
    a. Define an incident within the context of Computer Security
    b. Explain how incidents are commonly identified
    c. Describe the potential business impact of an incident occurring
    d. Describe the requirements of an Incident Response Plan
    e. Describe the need for an Incident Response Team
    f. Discuss the issues involved in developing Incident Response procedures and techniques

    2. Introduction to Incident Investigation
    a. Discuss reasons why an incident investigation is needed
    b. Discuss the objectives of an incident investigation
    c. Describe the skill sets required for incident investigators
    d. Explain how the investigation process needs to be balanced against business continuity
    e. Describe the process of an investigation
    f. Discuss potential lines of enquiry within a given scenario

    3. Incident Investigation Techniques
    a. Define the stages of a typical incident investigation
    b. Describe the purpose of each stage of incident investigation
    c. Discuss the relevance of each stage of the investigation
    d. Discuss issues that could affect the order in which an incident investigation may proceed

    4. Incident Investigation Preparation
    a. List technical equipment that may be required to respond to a security incident
    b. Discuss data security considerations associated with an onsite incident investigation
    c. List further preparations that may be necessary for a computer security incident investigation

    5. Information Gathering
    a. Describe the purpose of information gathering
    b. Describe common methods of information gathering
    c. Discuss the benefits of information gathering methods
    d. List the type of information that should be sought during the information gathering stage
    e. Consider appropriate sources of relevant information

    6. Assessing Network Security
    a. Define common security assessment techniques
    b. Discuss the purpose of network security assessments
    c. Describe the issues surrounding network security assessments
    d. Describe the 7 stage hacking methodology
    e. Discuss the evidential implications of security assessments
    f. Demonstrate the use of common network scanning and vulnerability assessment tools on the case study environment

    7. Introduction to Server Forensics
    a. Discuss hardware related issues associated with server forensics
    b. Describe the services provided by different types of network server
    c. Describe typical forensic artefacts associated with Microsoft servers
    d. Describe typical forensic artefacts associated with Linux servers
    e. List evidentially significant files and folders that are core to the investigation of Microsoft and Linux operating systems

    CSIS is a certification that gives a complete overview of the process that a Breach Investigator must follow when assessing a cybercrime. The labs are very realistic and bring together the investigation aspects and potential pitfalls effectively. I have found the tools and techniques acquired extremely useful in my current role, particularly the experience of undertaking live analysis of servers. The certification has provided me with an invaluable career boost, one that I would recommend to anyone who is serious about breach investigation.
    Breach Investigator – Banking Industry