This one-day course provides a consolidated view of information that is contained in two other CERT courses: Creating a CSIRT and Managing CSIRTs. Its main purpose is to highlight best practices in planning, implementing, operating, and evaluating a computer security incident response team (CSIRT).
The course will explore the relationship between CSIRTs, incident management, and security management and discuss how successful incident management requires an enterprise view and approach. It will present a process-based model for structuring incident management activities and also provide an introductory view of CSIRTs to anyone new in the field. Basic topics discuss the purpose and structure of CSIRTs and a high-level overview of the key issues and decisions that must be addressed in establishing and maintaining a CSIRT. Other topics include a discussion of CSIRT services as well as key policies, procedures, methods, tools, and infrastructure components that are needed to effectively operate a CSIRT.
This tutorial is designed to provide managers and other interested staff with an overview of the issues involved in creating and operating a CSIRT. It will also provide an introductory view of CSIRTs to anyone new to the field who is interested in what a CSIRT is and the type of activities a CSIRT performs. Interested attendees may include
No previous incident-handling experience is required.
This course has no prerequisites.
Participants will receive a course notebook and a downloadable copy of course materials.
This one day course meets at the following times:
9:00 a.m. - 5:00 p.m.
Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials.