Overview

OffSec’s Incident Response (IR-200) course provides cybersecurity professionals with practical training to prepare for, identify, and handle security incidents effectively. The course focuses on core incident response concepts and explores how organisations manage and mitigate cyber threats in real-world situations. Participants will learn to understand the incident response lifecycle, develop comprehensive incident response plans, and utilise tools and techniques for efficient detection and analysis of security events.

Upon successfully completing the hands-on exam, Learners earn the OffSec Certified Incident Responder (OSIR) certification. This credential validates expertise in foundational incident response practices, positioning you as a valuable asset to incident response teams, Security Operations Centres (SOCs), and organisations committed to strengthening their cybersecurity defences.

You will have 90 days access to your digital product, including videos, labs and exam voucher.

Read more +

Prerequisites

While there are no formal prerequisites, it’s strongly recommended that you have:

  • A solid foundation in TCP/IP networking
  • Familiarity with Linux and Windows operating systems
  • Basic understanding of cybersecurity concepts

We recommend the OffSec SEC-100 (CyberCore) for those new to cyber security.

The IR-200 course is designed for individuals seeking to build a strong foundation in incident response. It’s ideal for:

  • Aspiring incident responders
  • Security Operations Center (SOC) analysts
  • IT security specialists
  • Professionals aiming to transition into specialised cybersecurity roles focused on incident management
Read more +

Learning Outcomes

Upon completing IR-200 and successfully passing the OSIR exam, you’ll develop a strong foundation in:

  • Incident response concepts and methodologies
  • Preparation and planning for security incidents
  • Detection and analysis of security events
  • Containment, eradication, and recovery techniques
  • Post-incident activities and reporting
  • Practical skills applicable to roles in incident response, SOC analysis, and cybersecurity operations
Read more +

Outline

Topics covered in the Incident Response Course (IR-200)

  • Incident Response Overview

This module introduces the concepts of incident response with the main focus being NIST Special Publication 800-61.

  • Fundamentals of Incident Response

This module covers the roles and responsibilities of incident response teams, and the main frameworks used by incident responders (CREST, SANS, NIST).

  • Phases of Incident Response

NIST SP800-61 provides a four-phase model of Incident Response. This module describes what each phase comprises.

  • Incident Response Communication Plans

Learn about the value and contents of incident response communications plans, and review examples of good and bad external communications.

  • Common Attack Techniques

This module covers opportunistic and targeted attacks.

  • Incident Detection and Identification

This module covers the detection and analysis of malicious activities.

  • Initial Impact Assessment

The first thing we need to do when an incident occurs is an initial assessment of the scope and impact of the incident. This module covers the way in which this is accomplished.

  • Digital Forensics for Incident Responders

This Module covers forensic measures and evidence handling considerations.

  • Incident Response Case Management

This module covers case management theory with an IRIS lab.

  • Active Incident Containment

This module covers how to isolate and neutralise detected threats. It explores techniques such as design-led isolation, dynamic containment during incidents, and addresses topics like isolation techniques, containment strategies, and their implications for businesses.

Exam (included in your course)

The OffSec Certified Incident Responder (OSIR) exam is a proctored, 12-hour hands-on assessment of your foundational incident response knowledge and practical skills. You’ll demonstrate your ability to prepare for, detect, analyse, and respond to security incidents in a simulated environment that reflects real-world scenarios.

The OSIR certification expires three years after being awarded. Learners can maintain their OSIR designation by taking the recertification exam or completing the OffSec CPE program.

Read more +

What's included

  • Exam included
  • Online exam voucher
Read more +

Cyber Security learning paths

Want to boost your career in cyber security? Click on the roles below to see QA's learning pathways, specially designed to give you the skills to succeed.

= Required
= Certification
AI Security
Application Security
Cyber Blue Team
Cybersecurity Maturity Model Certification (CMMC)
Cloud Security
DFIR Digital Forensics & Incident Response
Industrial Controls & OT Security
Information Security Management
NIST Pathway
Offensive Security
Privacy Professional
Reverse Engineer
Secure Coding
Security Auditor
Security Architect
Security Risk
Security Tech Generalist
Vulnerability Assessment & Penetration Testing