Building a Computer Security Incident Response Team (CSIRT) Information Security Summit 2015

Workshop Outline

The workshop informs trainees with the global perspective of CSIRT and local knowledge of security incident coordination. The workshop includes the following aspects with emphasis on human communication and group exercises.

• Organisation - how CSIRTs fit within an organisation, planning the team, defining its constituency and offered services, staffing, communicating with external parties, funding, and obtaining management authority
• Technical - how intruders attack systems and their motivations, how network protocols can be abused, vulnerabilities of operating systems and services, denial-of-service attacks, hiding traces, and information gathering techniques. Includes practical exercises.
• Operational - the incident handling process from initial reports, through triage, investigation, resolution, closure, to post-analysis. Includes practical exercises and a survey of useful tools.
• Legal - Covers areas of legislation likely to affect CSIRTs in their work, and that operatives should be familiar with. This includes data protection, computer misuse, network monitoring, collection of evidence, and working with law enforcement agencies.

Course Leader

Don Stikvoort (co-trainer Roland Cheung of HKCERT)

Don Stikvoort is Partner of m7, and director and co-founder of the companies “S-CURE” and “AVALON Coaching & NLP”. Don offers high level consultancy in the areas of identity management, and information and Internet security – in the latter area specializing in security incident management (CERT), governance/policy matters and translating theories and policies into real life! His client base is international (Europe, North America, Caribbean region, Asia-Pacific, Africa).

Don has worked in the security area for over 25 years. In 1988 he joined the Dutch national research network. He was among the pioneers who created the European Internet, RIPE, the European cooperation of CERTs (TF-CSIRT) and the NL domain registry from 1989 onwards. He was chairman of CERT-NL (now SURFcert) from 1992-1998. In 1998 he started his own company.

Don is actively involved in building and improving the CERT community in Europe and beyond, via TF-CSIRT and the Trusted Introducer, and cooperating with FIRST, APCERT and AfricaCERT. He has been and is the consortium leader for several EU ENISA information security projects. Board/management consultancy on information security, policies, governance and cybercrime issues complete his security portfolio. Don wrote ENISA’s best practice guide for trainers. Designing and giving trainings is one of his passions, and in that capacity Don has also been the head tutor for TRANSITS (European CERT training framework) since 2005. Don has many publications on CISRT. In 1998 he finished the "Handbook for Computer Security Incident Response Teams (CSIRTs)" together with Kossakowski and Moira J. West-Brown of CERT/CC. Don authored and taught several training modules for the CERT community, some of which are being used worldwide today. He wrote the SIM3 maturity model for CSIRTs, and recently authored the “CSIRT Maturity Kit” on behalf of NCSC-NL (see check.ncsc.nl).

Many CERTs were created with Don’s help and guidance, such as the Dutch national team NCSC-NL, university teams (CERT-RU), major hospitals (CERT-AMC) and multinationals (Philips). As second opinions, audits and maturity assessments of CSIRT have become a specialty, Don developed SIM3, a maturity model for CERTs to certify such teams in Europe today.

Mr. Roland Cheung, Consultant of HKCERT will work with the Don to relate the content to the local aspects of cyber security issues. HKCERT is the coordination centre of information security incidents in Hong Kong established in 2001. It has experience coordinating large scale incidents with multiple local and international agencies.
 

Kindly visit https://www.issummit.org/workshop10.asp for registration details. For enquiry, feel free to call 27885884 (Ms. Choy).