Lesson 1: Assessment ofInformation Security Risks
Topic A: TheImportance of Risk Management
Topic B: Integrating Documentation into Risk Management
Lesson 2: Response to Cybersecurity Incidents
Topic A: Deployment ofIncident Handling and Response Architecture
Topic B: Containmentand Mitigation of Incidents
Topic C: Preparationfor Forensic Investigation as a CSIRT
Lesson 3: Investigating Cybersecurity Incidents
Topic A: Use a Forensic Investigation Plan
Topic B: Securely Collect and AnalyzeElectronic Evidence
Topic C: Follow Up on the Results of an Investigation
Lesson 4: Complying with Legislation
−Examples of Legislation (if this is covered in above topics, no need to include here) GDPR, HIPPA, Elections
−Case study: Incident Response and GDPR(Using GDPR legislation, create a response that is compliant with it
– this could be discussion-basedactivity as well.)
−StateLegislation Resources and Example – Search terms to find state legislation
−Using NYS as example use the NYS Privacy Response act or other legislation to create a similar case study as previous.
−Provide answers on when to use federal versus state and do you have to follow both?
Appendix C: Security Resources