Description
1 day
€ 805,- plus VAT
10 people
What you can expect from
ICS.222 OT Incident Handling Essentials
Focus on special topics with practical relevance
Whether incident handling, security assessments, or standards such as IEC 62443, Additions training courses focus on topics that often make a difference in professional practice.
Comprehensive knowledge – acquired in a single day
The training courses are deliberately kept compact and convey, in a short period of time, in-depth knowledge that can be applied immediately in everyday work.
Industry experience – directly from the experts
Our trainers bring real-life war stories, lessons learned, and best practices from OT projects to the table, for training that is convincing not only in theory.
Are you looking for individual in-house training for your team?
Take your OT security know-how to the next level.
What you will learn during this training course
Structured along the incident handling lifecycle
The training ICS.222 OT Incident Handling Essentials provides practical knowledge for the effective management of incidents in industrial control systems (OT). The content is based on the proven Incident Handling Lifecycle according to NIST SP 800-61 Rev. 2. This lifecycle is divided into four central phases, which are systematically covered in the training:
Source: Cichonski, P. et al., “NIST Special Publication 800-61 Revision 2 – Computer Security Incident Handling Guide”, NIST, August 2012, p. 21
1. Preparation
- Introduction to incident handling
- Basics and terms
- OT incident handling
- Preventive measures
- Incident Handling Policy & Plan
- Incident Report Template
2. Detection & Analysis
- Typical types of indicators (IoC & IoA)
- Sources for alerts (e.g. firewalls, IDS/IPS, SIEM)
- Use of MITRE ATT&CK in the OT context
- Hands-on: Analysis of a realistic OT incident
3. Containment, Eradication & Recovery
- Strategies for damage limitation
- Techniques for removing malware and attackers
- Recovery of affected systems
- Securing evidence
- Root Cause Analysis
4. Post-incident activities
- Lessons Learned Meetings
- Creation of an incident report
- Derivation of metrics and improvement measures
- Communication with stakeholders
- Mapping to MITRE ATT&CK
After the training, the participants have
- improved their ability to recognize security incidents in OT early
- developed a clear understanding of the proper way to deal with incidents in the OT environment
- gained knowledge of the preparatory measures required in their own OT operations for dealing with security incidents
Training highlights of the
ICS.222 OT Incident Handling Essentials
In ICS.222 OT Incident Handling Essentials, you take on the role of an experienced investigator! Based on internationally recognized incident handling guidelines (NIST SP 800-61), you and your colleagues will uncover step by step what happened one night at the fictitious energy supply company Strööm Inc. Using indicators that are modeled on real malware campaigns, you will deepen the content of the incident handling phases “Preparation”, “Detection & Analysis”, “Containment, Eradication & Recovery” and “Post-Incident Activity” learned in the theoretical parts in a practical way.
Get to know our
trainers

Nino Fürthauer
supports customers as a penetration tester to better secure web applications, infrastructure and systems against attacks. As product owner for the certification trainings offered by Limes Security in cooperation with TÜV Austria, he places special emphasis on every little detail.

Thomas Brandstetter
is our “broad-spectrum antibiotic” against security ignorance. As a Stuxnet Incident Handler and former head of Siemens ProductCERT, he knows industrial security from all life-cycle phases. He is Professor of IT and OT Security at the University of Applied Sciences St. Pölten and is certified for CISSP, GSEC, GICSP and GRID.







