This course is targeted at security practitioners from ISPs, enterprises, government or academia who are setting up an organisational or national CSIRT or SOC. It covers the fundamentals of establishing a CSIRT, the functions of a CSIRT, and how to operate a CSIRT efficiently. Topics include:
- CSIRT structure / organisation
- CSIRT services
- Threat landscape
- IR procedures
- IR tracking systems
- IR legal issues
- Handling common incidents (phishing, DDoS, malware, etc.)
- CSIRT staffing
- CSIRT internal infrastructure
- CSIRT communications (email, hotlines, IRC, encryption, formatting, incident reporting)
- Analysis tools (log files, network queries, malware)