Incident Response and Recovery Course

Domain 4 explores the incident response process framework that organizations establish for the detection, mitigation and remediation of security incidents.

50 minutes

Course description

The establishment of an incident response process will ensure that an organization can recover following the identification of a security incident. And while all alerts are not considered incidents, this section focuses on how to properly identify an security event in order to potentially declare it as an incident. In this course, you will learn how to truly define security incidents versus security events.


Business continuity and disaster recovery plans

Video - 00:10:00

An overview of how businesses prepare for business continuity in the event of an incident or disaster.
Basics of forensic investigations

Video - 00:10:00

An overview of how forensic analysis is used to support incident response and incident investigations.
Understanding the incident response life cycle

Video - 00:27:00

An overview of how security incidents are managed and a look at the incident response life cycle.
SSCP Domain 4 Quiz

Assessment - 5 questions

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • Exploitation Analyst
  • Law Enforcement / Counterintelligence Forensics Analyst
  • Cyber Defense Forensics Analyst

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with

Affirm logo

Award-winning training you can trust