Training Mod1 CSIRT Fundamentals Lab Slides

Uploaded by

Ricardo Valverde
Lab for Module 1: CSIRT Fundamentals
Copyright
Copyright © by Forum of Incident Response and Security Teams, Inc.

FIRST.Org is the name under which Forum of Incident Response and Security Teams, Inc.
conducts business.

This training material is licensed under Creative Commons
Attribution-Non-Commercial-Share-Alike 4.0 (CC BY-NC-SA 4.0).

FIRST.Org makes no representation, express or implied, with regard to the accuracy of
the information contained in this material and cannot accept any legal responsibility or
liability for any errors or omissions that may be made.

All trademarks are property of their respective owners.

Permissions beyond the scope of this license may be available at [email protected]

Module 1, CSIRT Fundamentals., Version 1.1, © FIRST Inc.


Lab Introduction

• Open your Lab Student Guide
• Your instructor will guide you
through each step



Lab Scenario

• It is 1991 and Yugoslavia is splitting into multiple countries.
One of the new governments has asked you to set up a new
CSIRT for it. This CSIRT will have responsibility for protecting
the central governmental assets.
• Each team will address this fictional request and address
the questions presented during the lecture. Feel free to fill in
any blanks in knowledge with any scenario to which your
team agrees.



Think Through These Questions:
Defining the Need

• Who is your constituency?
• What needs does the constituency have?
• What are the critical assets that must be protected?
• What types of incidents are frequently reported?
• What computer security problems exist?
• What is the current advanced warning/vulnerability
notification setup?



Think Through These Questions:
Defining Your Department

• What type of response is needed?
• What assistance and expertise is needed?
• What processes are required?
• What are your skills?
• What are your roles?



Think Through These Questions:
Preparing Your Budget

• What type of response is needed?
• What assistance and expertise is needed?
• What processes are required?
• What tools will be required?
• What is the entire budget?
• Is some of the budget moving from another department?
• What is the return on investment (ROI)?
• What are “soft costs,” such as brand damage and user
outages?



Answer These Questions

1. Write a mission statement for your new CSIRT.
2. Determine the proactive services your team will
perform.
3. List the first three procedures you will write as you
start building your CSIRT.
4. You can’t write a full business plan, but as a group,
address two of the items from the “Preparing Your
Budget” questions.
5. Often, determining the return on investment (ROI) is
the most difficult task. Create a hypothetical incident
for your new CSIRT and make a case for the cost of
that incident.



1. Write a mission statement

Keep these questions in mind about Defining the Need:


• Who is your constituency?
• What needs does the constituency have?
• What are the critical assets that must be protected?
• What types of incidents are frequently reported?
• What computer security problems exist?
• What is the current advanced warning/vulnerability notification
setup?
Answer this question:
1. Write a mission statement for your new CSIRT.



2. Identify proactive services

Keep these questions in mind about Defining Your Department:


• What type of response is needed?
• What assistance and expertise is needed?
• What processes are required?
• What are your skills?
• What are your roles?

Answer this question:

2. Determine the proactive services your team will perform.



3. List first procedures

Keep these questions in mind about Defining Your Department:

• What type of response is needed?
• What assistance and expertise is needed?
• What processes are required?
• What are your skills?
• What are your roles?
Answer this question:
3. List the first three procedures you will write as you start building
your CSIRT.



4. Answer budget questions

Keep these questions in mind about Preparing Your Budget:


• What type of response is needed?
• What assistance and expertise is needed?
• What processes are required?
• What tools will be required?
• What is the entire budget?
• Is some of the budget moving from another department?
• What is the ROI?
• What are “soft costs,” such as brand damage and user outages?

Answer this question:


4. You can’t write a full business plan, but as a group, address two of
the items from the “Preparing Your Budget” questions.



5. Determine ROI

Keep these questions in mind about Preparing Your Budget:

• What type of response is needed?
• What assistance and expertise is needed?
• What processes are required?
• What tools will be required?
• What is the entire budget?
• Is some of the budget moving from another department?
• What is the ROI?
• What are “soft costs” such as brand damage and user outages?
Answer this question:

5. Often, determining the ROI is the most difficult task. Create a
hypothetical incident for your new CSIRT and make a case for the
cost of that incident.



Learning Check

How might a CSIRT for a corporation function
differently than the CSIRT for a country?

Training Module 1, CSIRT Fundamentals, Version 1, © 2016 FIRST

Questions
