7. Incidence Response

Label	KSAC Description		Bloom's Taxonomy Level
a	Understand the concept of Cybersecurity Operations Center (CSOC).	knowledge	2
b	Understand how network security is implemented in a Cybersecurity Operations Center (CSOC).	knowledge	2
c	Understand log filtering and aggregation.	knowledge	2
d	Understand SIEM technology.	knowledge	2
e	Understand the role of alert signatures.	knowledge	2
f	Run queries on event data.	ability	3
g	Understand forensics and chain of custody.	knowledge	2
h	Apply procedures and workflow of ticketing.	skill	3
i	Apply Situational awareness	skill	3
j	Apply Incident Response procedures (e.g. Preparation, Incident identification, Escalation and notification, Mitigation steps, Lessons learned, Reporting, Recovery procedures, First responder, Incident isolation, Quarantine, Device removal, Data breach).	skill	3
k	Construct a timeline of cybersecurity incident.	ability	3
l	Implement a recovery procedure.	skill	3
m	Conduct periodic cybersecurity training exercises.	skill	3
n	Differentiate between detection controls and prevention controls (e.g., IDS vs. IPS, Camera vs. guard).	knowledge	4
o	Create, edit and use roles and system management tools.	ability	3
p	Implement endpoint security.	skill	3
q	Implement Access Control Lists (ACL).	skill	3
r	Deploy a server hardening plan.	skill	3
s	Implement a Network Access Control (NAC) plan.	skill	3
t	Interpret alarms and alert trends.	knowledge	2
u	Differentiate between types of Penetration testing (e.g., Black box, White box, Gray box).	knowledge	4

Credentials