IR-200: Foundational Incident Response

OffSec’s Foundational Incident Response (IR-200) course provides cybersecurity professionals with practical training to prepare for, identify, and handle security incidents effectively. The course focuses on core incident response concepts and explores how organizations manage and mitigate cyber threats in real-world situations. Participants will learn to understand the incident response lifecycle, develop comprehensive incident response plans, and utilize tools and techniques for efficient detection and analysis of security events.

Upon successfully completing the hands-on exam, learners earn OffSec’s foundational incident response certification, the OSIR (Certified Incident Responder). This credential validates expertise in foundational incident response practices, positioning you as a valuable asset to incident response teams, Security Operations Centers (SOCs), and organizations committed to strengthening their cybersecurity defenses.

Starting with certifications new to the market in 2024, OffSec certifications will expire after 3 years.

Starting at $1,749

Foundational Incident Response Syllabus

  • Incident Response Overview

    This module introduces the concepts of incident response with the main focus being NIST Special Publication 800-61.

  • Fundamentals of Incident Response

    This module covers the roles and responsibilities of incident response teams, and the main frameworks used by incident responders (CREST, SANS, NIST).

  • Phases of Incident Response

    NIST SP 800-61 provides a four-phase model of incident response. This module describes what each phase of an incident response plan comprises.

  • Incident Response Communication Plans

    Learn about the value and contents of incident response communications plans, and review examples of good and bad external communications.

  • Common Attack Techniques

    This module covers opportunistic and targeted attacks.

  • Incident Detection and Identification

    This module covers the detection and analysis of malicious activities.

  • Initial Impact Assessment

    The first thing we need to do when a security incident occurs is an initial assessment of the scope and impact of the incident. This module covers the way in which this is accomplished.

  • Digital Forensics for Incident Responders

    This module covers forensic measures and evidence handling considerations.

  • Incident Response Case Management

    This module covers case management theory with an IRIS lab.

  • Active Incident Containment

    This module covers how to isolate and neutralize detected threats. It explores techniques such as design-led isolation and dynamic containment during incidents, and addresses topics like isolation techniques, containment strategies, and their implications for businesses.

Start learning with OffSec

  • Course + Cert Exam Bundle (most popular): $1,749/once

    The bundle includes 90 days of access to a single course, the associated labs and a single exam attempt.

  • Learn One (best value): $2,749/year*

    One year of lab access alongside a single course plus two exam attempts.

  • Learn Unlimited (all access): $6,099/year*

    Unlimited OffSec Learning Library access plus unlimited exam attempts for one year.

  • Learn Enterprise (large teams): Get a quote

    Flexible terms and volume discounts available.

*Subscription auto-renews unless canceled.

IR-200 FAQ