- understanding issues and challenges in handling privilege compromise incidents
- detecting, analysing, and responding to various types of malicious activity such as the use of rootkits, botnets, and distributed denial-of-service attacks
- responding to insider threats and attacks
- handling major computer security events and incidents
- understanding the role of computer forensic analysis in incident handling
- performing artefact analysis
- understanding the fundamental causes of vulnerabilities
- analysing and coordinating response to reported vulnerabilities
- publishing effective CSIRT information