Module 1: Cybersecurity Monitoring & Incident Response Teams
An overview of the different types of cybersecurity teams: similarities and differences. Essential elements for national incident handling capabilities. Use cases for centralized and decentralized models. Different CSIRT/SOC stacks.
Module 2: Process of Building the CSIRT or SOC Team
Detailed explanation of which stages and elements are mandatory and what must be done during these stages. Drawing a typical implementation roadmap. Initial idea and purpose.
Module 3: CSIRT Mandate
What it is and what it contains: the authority given to a CSIRT to serve and act in its constituency. Responsibility: what a CSIRT will be held accountable for. Requirements, objectives, and tasks.
Module 4: CSIRT Services
Best international practice for cybersecurity team service models. Typical sets of services. What services to introduce in addition to incident management, and how? Free or charged services.
Module 5: Incident Management
Incident management workflows and the variations CSIRTs alternatively use. Classification of incidents.
Module 6: Automation of CSIRTs and SOCs
Scrutiny of the principal architecture for a CSIRT stack and its integrations, and a managerial (not technical) look into technologies, automation vs. manual, and technology trends. RTIR, MISP, etc.
Module 7: Applied Threat Intelligence
Introduction to and discussion about Cyber Threat Intelligence.
Module 8: Reporting
Simplified “6W” method: What (objectives and content), When (how often), How (attractiveness of the report) and to Whom (the audience).
Module : Maturity Models of CSIRTs
Presentation of the best international models for measuring the maturity of cybersecurity teams: the SIM3 model and the SOC-CMM model. Various components of cybersecurity team maturity assessment, advice on how to use them, and how they help in an operational environment.
Use cases: Adjusting own growth to a reference model; Diagnosis and planning for improvement; Certification.
Module 10: Upskilling of People and Partnering
What skills are needed. How to decrease the gaps between your team's current competence level and the desired level. Training plan. Overview of training courses currently available on the market.
Guidance on partnerships. Best practices overview: service models and implementation guidelines.