Investigating and responding to IT security incidents

Investigating and responding to IT security incidents

How prepared is your information technology (IT) department or administrator to handle security incidents? Many organizations learn how to respond to security incidents only after suffering attacks. By this time, incidents often become much more costly than needed. The question that every organization should ask is not if it is going to happen, but when it happens … am I ready to respond?

Proper incident response should be an integral part of your overall security policy and risk mitigation strategy. An incident response team assembled ad-hoc can do more harm than good taken into consideration that it is working under a lot of stress and time pressure.

This course will provide you with a recommended process and procedures to use when responding to intrusions identified within your organization and explain the value of forming a security incident response team with explicit team member roles as well as how to define a security incident response plan.


At the end of the course, the participants will be able to:

  • Identify the national legal framework and determine the necessity for compliance with international standards
  • Understand the steps for responding to security incidents in order to minimize their effects and improve the security countermeasures
  • Understand the best practices in investigating security incidents
  • Implement a system for managing IT security incidents
  • Take the necessary steps towards preventing similar incidents in the future


This course is addressed to the following categories:

  • Directors and managers of IT&C
  • IT Security Directors and managers
  • IT administrators and specialists
  • IT Security Officers
  • Persons responsible with business continuity and disaster recovery
  • Persons involved in risk management
  • IT auditors Association


The course addresses the following

  • Presenting the Romanian legislative framework
  • Identification of IT security incidents
  • The elaboration of the incident response plan
  • Establishing the incident response team
  • Investigating IT security incidents
  • Reporting and post incident analysis
  • Presenting practical means of responding to the most common types of incidents
  • Practical exercises


Claudiu IONESCU, IT Security Manager at OTP BANK ROMANIA S.A.

Claudiu Ionescu is the manager of the IT Security department at OTP BANK ROMANIA S.A. and has an extensive experience of more than 10 years in IT security. During his career he has gained extensive experience in different IT security projects, both in the financial sector as well as in the field of national security, which includes the implementation and management of incident response plans both in the public sector as well as in the private sector as well as auditing the incident response mechanisms for information systems which process, store or transmit classified information.

He has a master’s degree in Information Security from the Academy of Economic Studies in Bucharest and is certified CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager) and OSCP (Offensive Security Certified Practitioner) and a member of the IT&C Security Commission at Romanian Banking Association.

George DRAGUSIN, Information Security Officer, Eximbank

George Dragusin has a Law degree from the Nicolae Titulescu University and a master’s degree in Information Security from the Academy of Economic Studies, Bucharest. He has 10 years of experience in information tehnology field and for the last 5 years he coordinated the IT security unit for a financial institution in Romania. He was actively involved in the operationl area and he participated in the creation and implementation of incident response and disaster recovery plans. He is the Vicepresident of the IT&C Security Commission of the Romanian Banking Association and a board member of ISACA Romania chapter. He was a speaker at various security events and he participates each year at different security conferences both locally and abroad.

He holds different security certificates, CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control) and CCNA Security (Cisco Certified Network Associate Security).


The course lasts two days, 16 hours.


TBA, between 09:00 – 17:00.

RBI will hold the course at its headquarters, providing specialized lecturers, course support, materials and catering services required during the training days.

At the end of the course, participants will be given a certificate, issued by RBI (under the aegis of the founding members: NBR and RBA), with 14 CPD credits.


Anca Chiriţă
Phone: 0213275087


Formular de contact




Phone number*