Workshop on Computer Security Incident Response Team (CSIRT)
Since the inception, TRANSITS has trained over a thousand security professionals in the European region. Many more have benefited from the third-party courses organized elsewhere around the world. Over the years, operatives have been trained for commercial, governmental, military and national CSIRTs, as well as those in the research and education sector. A number of participants have gone on to become TRANSITS trainers themselves, passing on their knowledge within their own regions and countries.
There are two levels of TRANSITS Training- basic (TRANSITS I) and advanced (TRANSITS II).
TRANSITS I course is aimed at new or potential CSIRT personnel who wish to gain a solid understanding of the main aspects of working in an incident handling and response team. It offers experience and expertise in Operational, Organizational, Legal and Technical areas which form knowledge basis for CSIRT personnel.
- Organizational – covers how CSIRTs fit within their organizations and includes planning the team, defining its constituency, determining which services to offer, staffing, communicating with external parties, funding, and obtaining management authority.
- Technical – covers how intruders attack systems and their motivations, how network protocols can be abused, vulnerabilities of operating systems and services, denial-of-service attacks, hiding traces, and information gathering techniques. Includes several practical exercises.
- Operational – covers the incident handling process from initial reports, through triage, investigation, resolution, closure, to post-analysis. Includes practical exercises and a survey of useful tools.
- Legal – covers areas of European legislation likely to affect CSIRTs in their work, and that operatives should be familiar with. This includes data protection, computer misuse, network monitoring, collection of evidence, and working with law enforcement agencies.
Other topics such as PGP keys and relevant RFCs are also covered during the course.
TRANSITS I offers participants a unique opportunity to mix with their peers and discuss security issues in a secured and trusted environment, whilst being tutored by seasoned experts of the European CSIRT community. The course is open to individuals currently working for a CSIRT or network security related organization, and those with bona-fide interest in establishing a CSIRT. Applications are also welcome from commercial, governmental, law enforcement and military organizations, as well as national research and education networks (NRENs) and research and education institutes.
|Time||DAY 1||DAY 2|
Group Exercise & PGP Key Signing
Typical participants are usually experienced IT professionals with the growing interest and professional need to become system or network security experts. Familiarity with Internet protocols, addresses and port numbers is assumed. The basic expectation is that all participants are aware of security issues involved in connecting computers to the Internet and are committed to using their skills to improve the security of computers and networks. Individuals from other backgrounds and with other interests are welcome to contact the organisers to discuss their suitability for the course.