This CSIRT course will help participants to:
- recognise the importance of establishing well-defined policies and procedures for incident management processes
- identify policies and procedures that should be established and implemented for a CSIRT
- understand incident management activities, including the types of activities and interactions that a CSIRT may perform
- learn about various processes involved in detecting, analysing, and responding to computer security events and incidents
- identify key components needed for protecting and sustaining CSIRT operations
- manage a responsive, effective team of computer security professionals
- evaluate CSIRT operations and identify performance gaps, risks, and needed improvements