- understanding the CSIRT environment and basic incident management processes
- CSIRT code of conduct
- understanding security tools and technologies used by CSIRTs
- identifying and gathering critical information
- recognising signs of attacks
- detecting and analysing incidents
- finding contact information
- coordinating response and disseminating information
- handling email and malicious code attacks
- working with law enforcement