This course focuses on what is needed to create and operate a Computer Security Incident Response Team (CSIRT). The intended audience is individuals tasked with creating a CSIRT and those who may be new to CSIRT issues and processes. Objectives within the course include the benefits and limitations of a CSIRT, CSIRT requirements, services, common policies and procedures, and operational best practices. Previous incident handling experience is not required to partake in this course.
- Identify managerial, organizational, procedural, and operational issues regarding the CSIRT role and function.
- Describe the issues involved with creating and operating a CSIRT.
- Discuss specific topics regarding CSIRT benefits and limitations, requirements and framework, services, policies and procedures, and operational best practices.