This course was developed for organizations and individuals who are at the beginning of their planning and implementation process for creating a computer security incident response team or an incident management capability. This course begins with definitions and context for defining a CSIRT framework, followed by services that may be provided and building an action plan. An attendee workbook is included with questions and exercises to use in conjunction with the training.
- Understand the function of Computer Security Incident Response Teams (CSIRTs) and the philosophy behind them.
- Understand the role of CSIRT in the incident management process.
- Identify the requirements to establish an effective CSIRT.
- Appreciate the key issues and decisions that must be addressed when creating a CSIRT.
- Learn to strategically plan the development and implementation of your CSIRT.