Operating A Computer Security Incident Response Team (CSIRT) Training

Training Description:

Also known as a computer incident response team (CIRT) or a computer emergency response team (CERT), a CSIRT is a group of people empowered to handle computer security incidents. As part of an organization's overall risk management strategy, a CSIRT aims to apply corrective measures against harmful incidents as quickly as possible, when every second counts.

A CSIRT is a necessary component of every business that relies on IT to a significant degree. Organizations find CSIRTs critical to their operations because of the growing number of harmful incidents caused by internal and/or external parties, and also by their partners. Furthermore, operating without a CSIRT in place is a serious lapse in an organization's business continuity.

This training covers CSIRTs from A to Z: identifying the need for a CSIRT, formation, operation, performance measurement and continuous improvement.

Training Objectives:

At the end of the training, participants will be able to:
  1. Formulate and operate an effective CSIRT in their organizations
  2. Be effective members of the CSIRT (Applicable to present and candidate CSIRT members)
  3. Measure and improve the performance of CSIRTs

Target Groups:

  1. Risk management and IT staff of organizations interested in forming and/or overseeing CSIRTs.
  2. IT staff of organizations interested in being members of CSIRTs.
  3. Present CSIRT members who need to expand their knowledge.
  4. Read "Do I fit for that training?" if you are interested, but need help to determine whether you should participate or not.

Prerequisites:

  1. No special prerequisites exist. Being involved in an organization's risk management or engaged in IT operations would be an advantage.

Communication Language:

English

Duration:

4 days (32 hours)

Facilitator:

Kamal Wickramanayake

Notes:

  1. Participants will be provided with material (templates, processes, structures, rules, guidelines, ...) that they may use to quickly set up and efficiently operate a CSIRT.
  2. This training includes exercises but will be delivered without computers.

Training Content:

  1. Introduction
    • What is a CSIRT?
    • Why do organizations need CSIRTs?
    • Function of a CSIRT
  2. Formulating A CSIRT
    • Defining the mission
    • Defining policies, procedures
    • Team organization and staffing
    • Defining the range and levels of services
    • Organizational regulations, legal compliance and flexibility requirements
    • Working through organizational politics
  3. Responding To Emergencies
    • Triage
    • Incident life cycle
    • Technical expertise
    • Tools and techniques
    • Communication practices
    • Postmortem
  4. Managing The CSIRT
    • CSIRT protection plan
    • Professionalism
    • Continuity
    • Hiring staff, arrival and exit procedures
    • Training staff
    • Retaining staff
    • Avoiding burnout
  5. Process Improvement/Performance
    • Process improvement
    • Sharing knowledge
    • What should be measured for performance and why?
    • Methods of performance measurement
    • Benchmarking a CSIRT
