Establishing a Computer Security Incident Response Team

We will cover the establishment of a Computer Security Incident Response Team (CSIRT) in detail, including the involvement of individuals from all areas of your organization. Topics will include identifying the key steps for establishing notification procedures, recording/tracking of incidents, developing flowcharts, handling incident reporting and escalation procedures, collecting digital evidence, and reviewing forensic analysis rules of conduct. Table top and mock incident exercises will take place. Stimulating questions covering postincident discussion will engage you to help you get the most out of this learning opportunity. Incidents described will focus on best practices in developing a successful CSIRT within your organization.

OUTCOMES: Identify activities to establish a proficient CSIRT * Identify metrics to gauge the effectiveness of the CSIRT * Participate in hands-on activities to promote depth of learning/lessons learned