CSIRT/SOC establishment and modernisation

Registration

29 Oct 2024

26 Aug 2025

Event dates

02 Sep 2025

04 Sep 2025

Location

Global or multi-regional

Training topics

Cybersecurity

Training type

Online instructor led

Languages

English

Coordinators

Rūta Jašinskiene

Course level

Intermediate

Payment methods

Bank transfer

Event email contact

rj@nrdcs.lt

$500.00

Event organizer(s)

Description

The CSIRT/SOC Establishment and Modernisation course is training program specifically designed to help organisations to establish an effective CSIRT/SOC team. The course provides a detailed guidance on the CSIRT/SOC team mandate and covers all the key elements required for its successful establishment.

Our experienced instructors bring a wealth of knowledge and expertise to the course, drawing upon real-world cases to share the critical lessons learned. Through a combination of theory and practical exercises, participants will gain a clear and actionable understanding of how to build, modernize and manage a robust cybersecurity team.

The course is comprehensive and methodical, covering all essential aspects of setting up a CSIRT/SOC team. Practical tips and tasks are provided to help participants plan their day-to-day activities, identify the services to provide to constituents, set KPIs, and choose the right tools to achieve their goals.

Target population

Learning objectives

Methodology

Assessment and grading

Training details and instructional approach

Module 1: Cybersecurity Monitoring & Incident Response Teams

An overview of the different types of cybersecurity teams: similarities and differences. Essential elements for national incident handling capabilities. Use cases for centralized and decentralized models. Different CSIRT/SOC stacks.

Module 2: Process of Building the CSIRT or SOC Team

Detailed explanation what stages elements are mandatory and what must be done during these stages. Typical implementation roadmap drawing. Initial idea and purpose.

Module 3: CSIRT Mandate

What it is and what content: Authority given to a CSIRT to serve and act in their constituency. Responsibility for what a CSIRT will be accounted for. Requirements, Objectives, and Tasks.

Module 4: CSIRT Services

Best international practice for cybersecurity team services models. Services typical sets. What services in addition to incident management to introduce and how? Free or charged services.

Module 5: Incident Management

Incident management workflows and variations. CSIRTs alternatively use. Classification of incidents.

Module 6: Automation of CSIRTs and SOCs

Scrutiny of principal architecture for CSIRT stack, integrations and managerial (not technical) look into technologies, automation vs manual, and technology trends. RTIR, MISP etc.

Module 7: Applied Threat Intelligence

Introduction to and discussion about Cyber Threat Intelligence.

Module 8: Reporting

Simplified “6W” method: What (objectives and content), When (how often), how (attractiveness of report) ant to whom (the audience).

Module : Maturity Models of CSIRTs

Presentation of the best international models measuring the maturity of cybersecurity team: SIM3 model, SOC-CMM model. Various components of cybersecurity team maturity assessment, advice on how to use them and how they help in operational environment.

Use cases: Adjusting own growth to a reference model; Diagnosis and planning for improvement; Certification.

Module 10: Upskilling of People and Partnering

What skills are needed. How decrease the gaps between your team current competence level and desired level. Training plan. Overview of actual possible on the market training courses.

Guidance on partnerships. Best practices overview: service models and implementation guidelines.

Registration information

Document on registration information (English)

Unless specified otherwise, all ITU Academy training courses are open to all interested professionals, irrespective of their race, ethnicity, age, gender, religion, economic status and other diverse backgrounds. We strongly encourage registrations from female participants, and participants from developing countries. This includes least developed countries, small island developing states and landlocked developing countries.