CSIRT Training

Introduction 

The Computer Security Incident Response Team (CSIRT) training course aims to develop the knowledge and skills of staff members of a CSIRT, of those interested in joining such a team, and of those involved in creating one.

 

Pre-requisites

Trainees are typically experienced system, network or IT managers (interested persons from other backgrounds are welcome to contact the organisers to discuss the suitability of the course for them). They are expected to have an awareness of the security issues involved in connecting computers to the Internet. They must be committed to using their skills to improve the security of computers and networks. For the technical side of the course, familiarity with the normal operation of TCP/IP networks, addresses, port numbers and protocols will be assumed.

The following modules are covered: 

CSIRT Organization

Describes how CSIRTs fit into their organisations: planning the CSIRT, defining the constituency of the team and gaining management authority for it, deciding the services the team will offer, working with those outside the organisation, staffing the CSIRT, funding. Participants will discuss their own organisation and how their team fits into it.

 

Technical Introduction

A basic introduction to the main attack vectors that malicious parties use to attack systems: intruders and their motivations, botnets, network protocols and how they can be abused, operating systems and services, types of vulnerability, information gathering, breaking in, hiding traces, denial-of-service attacks.

 

CSIRT Operations

Describes the facilities, systems and tools needed by CSIRTs to operate successfully: housing the CSIRT, equipment, e-mail, remote access, information and contacts, servers and networks, incident response plans and procedures, tracking systems. As an exercise participants will discuss and develop incident response plans for their own teams.

 

Legal Issues

A high-level overview of the areas of legislation that are likely to affect CSIRTs in their work and that team members need to be aware of: origins of computer legislation, problems, data protection, computer misuse, working with law enforcement, monitoring, evidence, European developments.