This course focuses on the type and nature of work that CSIRTs may be expected to handle. It provides an overview of the incident response field, including the nature of incident response activities and the incident handling processes. The course covers foundation material, staffing issues, incident management processes, and other issues such as working with law enforcement, insider threat, and publishing information.
Learning Objectives
- Provide an overview of the incident response arena, the nature of incident response activities, and incident handling processes.
- Guide learners to understand technical issues from a management perspective, problems and pitfalls to avoid, and best practices where applicable.
- Emphasize the importance of predefined CSIRT management policies and procedures.
- Discuss what is needed to operate an effective CSIRT.
Framework Connections
Specialty Areas
- All-Source Analysis
- Threat Analysis
- Cyber Investigation