Incident Handling Courses

Incident Handling training helps managers, project leaders, CSIRT staff, and computer forensic professionals to create and manage CSIRTs, prepares incident handlers to respond to system compromises at the administrator level, teaches technical staff the best practices they can use for analyzing malicious code, and describes tools and best practices that can be used to support organizations' incident response and forensic analysis investigations.

Advanced Forensic Response and Analysis

The CERT Advanced Forensic Response and Analysis course is designed for computer forensic professionals who are looking to build on a solid knowledge base in incident response and forensic analysis. The goal of the course is to advance students' collection and processing skills by outlining a structured process, or flow, for an incident response and intrusion investigation.

Advanced Incident Handling

This five-day course, designed for computer security incident response team (CSIRT) technical personnel with several months of incident handling experience, addresses techniques for detecting and responding to current and emerging computer security threats and attacks that are targeted at a variety of operating systems and architectures. Building on the methods and tools discussed in the Fundamentals of Incident Handling course, this course provides guidance that incident handlers can use in responding to system compromises at the privileged (root or administrator) level. Through interactive instruction, facilitated discussions, and group exercises, instructors help participants identify and analyze a set of events and then propose appropriate response strategies.

Creating a Computer Security Incident Response Team

This one-day course is designed for managers and project leaders who have been tasked with implementing a computer security incident response team (CSIRT). This course provides a high-level overview of the key issues and decisions that must be addressed in establishing a CSIRT. As part of the course, attendees will develop an action plan that can be used as a starting point in planning and implementing their CSIRT.

Fundamentals of Incident Handling

This five-day course is for computer security incident response team (CSIRT) technical personnel with little or no incident handling experience. It provides a basic introduction to the main incident handling tasks and critical thinking skills that will help an incident handler perform their job. This course is recommended to those new to incident handling work.

Malware Analysis Apprenticeship

This five-day hands-on course provides participants with an opportunity to learn best practices for analyzing malicious code. In addition to classroom instruction and hands-on exercises, attendees will be given real-world malicious code samples to dissect. Participants will acquire a fundamental understanding of a variety of malware analysis tools and techniques that can directly support their organization's incident response efforts and increase performance in their functional role(s).

Managing Computer Security Incident Response Teams

This three-day course provides current and future managers of computer security incident response teams (CSIRTs) with a pragmatic view of the issues that they will face in operating an effective team. The course provides insight into the work that CSIRT staff may be expected to handle. The course also provides prospective or current managers with an overview of the incident handling process and the types of tools and infrastructure needed to be effective.

Overview of Creating and Managing CSIRTs

This one-day course provides a consolidated view of information that is contained in two other CERT courses: Creating a CSIRT and Managing CSIRTs. Its main purpose is to highlight best practices in planning, implementing, operating, and evaluating a computer security incident response team (CSIRT).
