TRANSITS I Preparation

The TRANSITS I training course is a 3-day introductory incident management course primarily aimed at less experienced incident handling personnel - or those working for such teams in less technical roles - who wish to gain a solid understanding of the main aspects of working in an incident management team, be it a CSIRT, SOC, ISAC or PSIRT.

In order to make the most of the course, here are some tips from our trainers.

Logistics

For our TF-CSIRT TRANSITS I courses, your accommodation for 3 nights (including breakfast), welcome drinks, lunches and one dinner are included.


Materials and Laptops

You can see the last stable version of the course materials here and you are of course free to review the materials before the course. Often, our trainers will modify some of the slides or add their own ideas: this is the power of a training given by real experts from the field.

You are encouraged not to use your laptop for work during the course – that way you will learn the most and get the best results from our training.

The course includes exercises throughout, including the PGP keysigning – please come prepared to participate.


Training Preparation

Ask yourself the following questions before the training, seen from your own perspective:

  • How does the “information security incident management” capability or team in your organisation or for your constituency (= the people/organisations the team works for) work – that is, how do you prevent security incidents? And when they do happen, how do you detect and solve them – and who does what?
  • If a serious/critical incident happens, do you have enough options and resources to solve the problem? Do you know what you are allowed to do *and* what you are expected to do (or must do)? Does the higher leadership support your team when you need to take unpopular measures like filtering, or blocking, or when users or managers complain or get angry?
  • Is the leadership of your organisation aware of the challenge of security and security incidents, and do they understand and acknowledge that *they* and no one else are responsible for overall security? Do they appreciate that serious security flaws and incidents can have direct negative consequences for the primary process of the organisation, and all other processes?
  • Can your people who detect and solve security incidents (usually referred to as the CSIRT, CERT, SOC, NCSC, CDC or otherwise) quickly and effectively escalate to the following parties, in the case of critical incidents:
    • their own manager
    • the leadership of the organisation (highest level management)
    • the department of communication/PR
    • the legal department
  • Does this still work on weekends, during holidays, or when key people are on holiday or sick leave?
  • Do your incident response people have sufficient training to do their job well? Do they have enough resources to do so? Do they have the authority to drop what they're working on and deal with a critical security incident when that happens?