Legal & Cooperation
- Establishing external contacts
- Cooperation with Law Enforcement Agencies - Advising in Cyber Crime Cases
- Assessing and Testing Communication Channels with CERTs and all their stakeholders
- Identifying and handling cyber-crime traces
- Incident handling and cooperation during phishing campaign
- Cooperation in the Area of Cybercrime
- Aspects of Cooperation between CSIRTs and Law Enforcement Agencies New
- Cooperation across CSIRTs, Law Enforcement Agencies and the judiciary
- Cooperation between CSIRTs and Law Enforcement: Behavioural Aspects
- Cooperation between CSIRTs and Law Enforcement: Legal and Organisational Aspects
- Cooperation between CSIRTs and Law Enforcement: Technical Aspects
- CERT participation in incident handling related to the Article 13a obligations
- CERT participation in incident handling related to the Article 4 obligations
Establishing external contacts
Target Audience |
Duration |
Download | |
---|---|---|---|
Managers and incident handlers. |
3 hours | ||
To enhance students’ skills in establishing contacts with other CERTs, administrators of ISPs, and other parties responsible for the mitigation of security incidents in their networks around the globe. |
Cooperation with Law Enforcement Agencies - Advising in Cyber Crime Cases
Target Audience |
Duration |
Download | |
---|---|---|---|
Technical and management CERT staff. |
5 hours |
| |
Explain a CERT’s role in advising in a cyber-crime case and the basis for its effective cooperation with an LEA. |
Assessing and Testing Communication Channels with CERTs and all their stakeholders
Target Audience |
Duration |
Download | |
---|---|---|---|
CERT incident responders of all experience levels. |
4 hours | ||
In this exercise, participants will discuss all fundamental concepts of the communication channels between CERTs and their constituents, other CERTs, law enforcement, management, public relations (PR), legal counsel, and all other stakeholders. Special attention is given to communications while under attack, and to the testing of communication channels as a means of safeguarding and improving them. |
Identifying and handling cyber-crime traces
Target Audience |
Duration |
Download | |
---|---|---|---|
CERT Staff. |
7 hours | ||
This task consists of 3 components: finding relevant information related to cybercrime in social media channels (based on Twitter examples), finding relevant information on IRC channels and analysing legal aspects of Internet monitoring activities related to cybercrime identification. The main objective is to teach trainees how to set up the basic system for continuous monitoring and alerting of various sources of information in terms of effective detection and warning for their constituencies based on the content. |
Incident handling and cooperation during phishing campaign
Target Audience |
Duration |
Download | |
---|---|---|---|
National CERTs, bank CERTs, CERTs for big companies or organisations. |
4 hours | ||
This task treats phishing on three levels: technical, organisational and legal. The purpose is to understand phishing campaigns better and understand how to resolve them in complex international contexts. |
Cooperation in the Area of Cybercrime
Target Audience |
Duration |
Download | |
---|---|---|---|
Incident responders of all experience levels. |
6 hours | ||
This task covers three different cybercrime related cases. All of them involve investigatory and legal aspects, but each of them requires participants to analyse them from different perspectives. All cases involve very common incidents for CERTs and organisations that could lead to law enforcement actions and court cases. Cooperation among the various parties involved is therefore essential and is the goal of this exercise – rather than exploring the techniques involved. |
Aspects of Cooperation between CSIRTs and Law Enforcement Agencies
Target Audience |
Duration |
Download | |
---|---|---|---|
CSIRTs (mainly national and governmental CSIRTs but not limited to them), LE as well as individuals and organisations with an interest in Cybersecurity. |
2-3 hours | ||
This training is developed to support CSIRTs (mainly national and governmental CSIRTs), law enforcement (LE) and the judiciary cooperating closer. It focuses on the interaction across these communities, the synergies and the potential interferences when responding to cybercrime. This report is also connected with the Report on CSIRT-LE Cooperation: study of roles and synergies among selected countries |
Cooperation across CSIRTs, Law Enforcement Agencies and the judiciary
Target Audience |
Duration |
Download | |
---|---|---|---|
CSIRTs (mainly national and governmental CSIRTs but not limited to them), LE, the judiciary (in particular prosecutors and judges) as well as individuals and organisations with an interest in Cybersecurity. |
4 hours | ||
Aspects of the cooperation across CSIRTs and LE by adding the important dimension of their interaction with the judiciary (prosecutors and judges) are presented covering areas such as data retention, sharing of personal data and confidentiality of criminal investigations as well as admissibility of digital evidence in criminal proceedings. |
Cooperation between CSIRTs and Law Enforcement: Behavioural Aspects
Target Audience |
Duration |
Download | |
---|---|---|---|
CSIRTs (mainly national and governmental CSIRTs but not limited to them), LE as well as individuals and organisations with an interest in Cybersecurity. |
4 hours | ||
Human behaviour is associated with communities’ organisational culture. Different approaches to problems, modi operandi, mentalities and ‘languages’ of the different communities are presented. |
Cooperation between CSIRTs and Law Enforcement: Legal and Organisational Aspects
Target Audience |
Duration |
Download | |
---|---|---|---|
CSIRTs (mainly national and governmental CSIRTs but not limited to them), LE as well as individuals and organisations with an interest in Cybersecurity. |
4 hours | ||
Challenges related to the diversity of legal systems and legal provisions of the Member States seem to set boundaries to information sharing between CSIRTs and LE. Legal and organisational challenges that need to be addressed for enhanced cooperation across the communities are presented. |
Cooperation between CSIRTs and Law Enforcement: Technical Aspects
Target Audience |
Duration |
Download | |
---|---|---|---|
CSIRTs (mainly national and governmental CSIRTs but not limited to them), LE as well as individuals and organisations with an interest in Cybersecurity. |
4 hours | ||
Technical cooperation between CSIRTs and LE is of great importance for fighting cybercrime. Ongoing efforts towards a broader adoption and use of a common taxonomy and common tools are presented. |
CERT participation in incident handling related to the Article 13a obligations
Target Audience |
Duration |
Download | |
---|---|---|---|
Incident handlers and CERT managers. |
3 hours | ||
Information about rules, procedures and best practice in handling incident related to obligation for internet service providers described in the Article 13a of the European Telecom Package. |
CERT participation in incident handling related to the Article 4 obligations
Target Audience |
Duration |
Download | |
---|---|---|---|
Incident handlers and CERT managers. |
2 hours | ||
Information about rules, procedures and best practices in incident handling related to personal data breaches. It is based on data breach notification requirements for the electronic communication sector introduced by the review of the ePrivacy Directive. The process of notification is parallel to normal incident handling process and it is part of it. |