Operational
- Incident handling during an attack on Critical Information Infrastructure
- Advanced Persistent Threat incident handling
- Social networks used as an attack vector for targeted attacks
- Writing Security Advisories
- Cost of ICT incident
- Incident handling in live role playing
- Incident handling in the cloud
- Large scale incident handling
Incident handling during an attack on Critical Information Infrastructure
 |
Target Audience |
Duration |
Download |
|---|---|---|---|
|
Incident handlers, incident management staff, technical CERT staff. |
5 hours | ||
|
Make CERT members aware of requirements during incident handling in CII/SCADA environments. | |||
Advanced Persistent Threat incident handling
 |
Target Audience |
Duration |
Download |
|---|---|---|---|
|
Incident handlers and technical CERT staff. |
3 hours | ||
|
This task provides students with information about methods commonly used by attackers during the Advanced Persistent Threat (APT) attacks as well as methods of discovering and protecting internal resources against these attacks. Examples used in the exercise are based on real incidents and observations. The objective is also to involve participants in creative approaches to building CERT capability to deal effectively with and resolve the problem of APT attacks within an organisation. | |||
Social networks used as an attack vector for targeted attacks
 |
Target Audience |
Duration |
Download |
|---|---|---|---|
|
Incident handlers and technical CERT staff. |
3 hours | ||
|
In this task, participants will investigate the vulnerabilities of social networks, using an Advanced Persistent Threat scenario as a test case to illustrate some examples of social network compromises. They will also examine the capabilities of social networks to respond to these kinds of threats. | |||
Writing Security Advisories
 |
Target Audience |
Duration |
Download |
|---|---|---|---|
|
Technical and management CERT staff. |
4 hours | ||
|
The objective of the exercise is to provide a practical overview of what constitutes a good and a bad advisory publication for a CERT constituency. | |||
Cost of ICT incident
 |
Target Audience |
Duration |
Download |
|---|---|---|---|
|
Managers of CERT staff, incident handlers who have to estimate losses. |
2 hours | ||
|
Make the CERT team familiar with one solution for estimating the costs of different information security incidents. | |||
Incident handling in live role playing
 |
Target Audience |
Duration |
Download |
|---|---|---|---|
|
Future CERT members. |
3 hours | ||
|
Simulate a real-life incident, involving many parties with conflicts of interests, different mindsets and legal frameworks, etc. With the introduction of such aspects as vulnerability handling, responsible disclosure and company security management, it helps the students to understand why incident handling is, in many cases, a complex task and what kinds of technical and social skills are required for this job. | |||
Incident handling in the cloud
 |
Target Audience |
Duration |
Download |
|---|---|---|---|
|
Incident responders of all experience levels. |
4 hours | ||
|
Investigate methods to address cloud-based security vulnerabilities through a scenario where data is not always fixed to one physical server or location. | |||
Large scale incident handling
 |
Target Audience |
Duration |
Download |
|---|---|---|---|
|
CERT incident handlers. |
5 hours | ||
|
Teach incident handlers the key information and actions required for the successful resolution of large-scale incidents. | |||
-
2020 Report on CSIRT-LE Cooperation: study of roles and synergies among selected countriesThe purpose of this report is to further explore and support the cooperation between computer security incident response teams (CSIRTs), in...
-
Roadmap on the cooperation between CSIRTS and LEThe purpose of this roadmap is to further explore the cooperation across computer security incident response teams (CSIRTs) in particular with...