CSX Practitioner: Respond and Recover

////CSX Practitioner: Respond and Recover

CSX Practitioner: Respond and Recover

Course ID: CSXPRAR 5 Days

CSX Practitioner: Respond and Recover


The final course in the CSX Practitioner series provides hands-on instruction in the Respond and Recover domains. With course lecture backed up by lab sequences, students will learn how to apply professional methodology to respond and recover from network incidents or disasters. Students will discover how to contain an event and protect assets and infrastructure, and learn the components and procedures required for a comprehensive incident response plan.

The Respond domain shows students the basic concepts, methods and tools required to draft and execute comprehensive incident response plans, provide proper isolation response documentation, and how to document and maintain information related to Incident Response.

In the Recover domain, students will master the basic concepts, methods and tools required to recuperate a system or network, as well as learn how to implement continuity and contingency plans.



The Respond and Recover course is ideal for individuals in the field of cybersecurity who are interested in gaining hands-on technical skills.





Instructor-led / Virtual Instructor-led

Thailand: Upon Request
India: USD3,500



  • IRP Component Assessment
  • Compromised Asset Containment
  • Incident Response Procedure Identification


The course provides students with an environment to discuss and practice methods implemented by cyber security professionals in the Identify and Protect domains. Students leave the course prepared to serve as complimentary team members for enterprises who are workforce ready.


Day 1:

Defined Response Plan Execution

Incident Response Escalation Procedures

LAB: Remove Trojan

System Adverse Effects to Incident Response

LAB: Open and Close Ports on Windows 7

Network Isolation

LAB: Disable User Accounts on Windows 7

Disable User Accounts

LAB: Block Incoming Traffic on Known Ports

Associated Topics

  • IR Reputation Databases
  • IR Procedure
  • Real Time Blacklists
  • Whitelists

Day 2:

Blocking Traffic

LAB: Implement Single System Changes

Assess and Unplug

LAB: Conduct Supplemental Monitoring

System Configuration Changes and Supplemental Monitoring

LAB: Create Custom Snort Rules

IR Documentation and Preservation

LAB: Install EMET and Edit Host Files

Incident Report

LAB: Comprehensive Assessment

Associated Topics

  • IR Procedure
  • IR Drafting
  • IR Frameworks

Day 3:

Industry Best Practices

Disaster Recovery and Business Continuity

Cyber System Restoration

Data Backup and Restoration Key Concepts

LAB: Patches and Updates

Associated Topics

  • Business Unit Integration
  • Third Party Connection Mechanisms
  • Warm Site/Cold Site Configurations
  • Data Preservation

Day 4:

Backup Site Preparation and Utilization

Data Managemen

Actualizing Data Backups and Recovery

Implementing Patches and Updates

LAB: Data Backup and Recovery

Associated Topics

  • Network Access Control
  • Data Loss Prevention
  • Encryption Controls

Day 5:

Ensuring Data Integrity

Deficiency and Error Reporting

Post Incident Review

Reset and Prep for Future Events

LAB: Recovering Data and Data Integrity Checks

Temporary Control and Fix Review and Implementation

Associated Topics

  • NIST Procedures
  • ISO Procedures
  • Team Input
  • AAR Generation

What’s Next

Subscribe to our mailing list for special offers and promotions.

Thank you! Your subscription has been confirmed. You'll hear from us soon.