When will I have access to the lectures and assignments?

To access the course materials, assignments and to earn a Certificate, you will need to purchase the Certificate experience when you enroll in a course. You can try a Free Trial instead, or apply for Financial Aid. The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.

What will I get if I subscribe to this Specialization?

When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile.

Is financial aid available?

Yes. In select learning programs, you can apply for financial aid or a scholarship if you can’t afford the enrollment fee. If fin aid or scholarship is available for your learning program selection, you’ll find a link to apply on the description page.

Stages of Incident Response

This course is part of Cyber Incident Response Specialization

Instructor: Keatron Evans

5,887 already enrolled

Included with

Learn more

7 modules

Gain insight into a topic and learn the fundamentals.

76 reviews

Beginner level

No prior experience required

5 hours to complete

Flexible schedule

Learn at your own pace

7 modules

Gain insight into a topic and learn the fundamentals.

76 reviews

Beginner level

No prior experience required

5 hours to complete

Flexible schedule

Learn at your own pace

Skills you'll gain

Details to know

Shareable certificate

Add to your LinkedIn profile

Assessments

1 assignment

Taught in English

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

Build your subject-matter expertise

This course is part of the Cyber Incident Response Specialization

When you enroll in this course, you'll also be enrolled in this Specialization.

Learn new concepts from industry experts
Gain a foundational understanding of a subject or tool
Develop job-relevant skills with hands-on projects
Earn a shareable career certificate

There are 7 modules in this course

The Cyber Incident Response course will give students an understanding of how incidents are responded to at a high level, as well as allow them to build important technical skills through the hands-on labs and projects.

Module details

The Preparation section of the module goes into some detail with common definitions and severity criteria, with special attention being paid to making sure the student understands that the severity criteria should be based on overall organizational definitions and procedures. The latter part of the module goes into the importance of asset inventory and identification as a basis for establishing severity criteria. All these pieces are required for proper preparation for any incident.

What's included

3 videos1 reading

The Identification section deals specifically with how incidents are identified, as well as the classification levels that incidents might fall within. It also reminds the student that these classification levels are established with input from upper management and the rest of the organization. We go into details of notifying the appropriate parties of the incident and how to do that properly. We end this course with a discussion of common tools and techniques.

What's included

4 videos1 reading

This section explores containment and the proper scoping and management of it. We examine the details of how to contain an incident and, more importantly, how to define what containment means. We also explore common containment tools.

What's included

4 videos1 reading

In the Investigation segment, you’ll learn the questions asked in normal investigations and how to properly answer them. You’ll explore the important data sources these answers are pulled from and the role this process plays in incident response overall.

What's included

3 videos1 reading

Dive into what it takes to remove threats from and environment after the threat has been contained. We’ll also take a look at how to verify the threat has been eradicated and address proper notification of eradication to other authorized parties. Lastly, we’ll discuss some common tools for eradication.

What's included

4 videos1 reading

This Recovery segment shows how we tie directly into business continuity and disaster recovery at this phase. We deal with how to restore systems in the least disruptive and most efficient way, as well as defining what constitutes "recovered."

What's included

4 videos1 reading

Look at validation and sign-off of recovery. The module looks at how to effectively assess how well the team responded. It also looks at implementing needed improvements and how to ingest feedback from the rest of the organization or even outside organizations.