ICS_202 – Security Incident Response Fundamentals

  • Vendor: OT/ICS
  • Class: 2 Days
  • Voucher: Yes
  • Certification: ICS Incident Response Certified
  • Exam Method: Exam In-Class
  • Virtual - Live

Class Is Recorded with Unlimited Access for 90 Days

We Coach Until You Pass

100% Exam Pass Guarantee

12 Additional Hours of Exam Review at No Charge


The ICS Security Incident Response Fundamentals course is designed to give those at a Practitioner or equivalent level an understanding of the current cyber incident response challenges facing their ICS environments. This includes understanding what an incident is and how the approach to it may differ in an ICS environment. The course would also benefit those participating in or engaging with an ICS Incident Response team for the first time. This knowledge is vital when managing all aspects of security incident response for those environments.

This course will show students how best to protect and support their organization’s cyber incident response process. It provides an understanding of the stages of the IR process, including the information required to create an effective IR plan (based upon the ICS4ICS processes). Template plans will be provided for students to complete and take away.

Benefits of Training at 327 Solutions

  1. Pass your exam, guaranteed (if you don’t pass, you’ll be coached until you do)
  2. Intensive Authorized Virtual-Live or Physical-Site Training
  3. Your live class is recorded and turned into eLearning with 3 months of access via the student portal


Session 1: Introduction to the Incident Handling Process

  • What is an Incident and an Event, and how do they differ?
  • What is Incident Response?
  • The challenges of ICS Incident Response
  • The IR lifecycle

Session 2: Preparation

  • Obtaining Leadership support
  • ICS IR Plans
  • Who gets involved?
  • What makes the CSIRT?
  • Jump Kit and Grab Bags

Session 3: Identification

  • Classification Levels
  • Managing the Information Flow
  • Evidence

Session 4: Containment

  • What is Containment?
  • Short-term Containment
  • Long-term Containment
  • Investigations

Session 5: Eradication

  • The main aims of eradication
  • Remove or restore?
  • Improvement after

Session 6: Recovery

  • Recovery Objectives
  • Validation
  • Post-Incident Monitoring

Session 7: Lessons Learned

  • The Report
  • Management Considerations
  • Bringing it all together
