NEWS AT SEI
This article was originally published in News at SEI on: March 1, 2002
Over the past two years, the number of security incidents reported to the CERT® Coordination Center has increased sharply. Incidents are occurring more frequently, and the resulting damage to systems and networks has been increasingly severe.
To help organizations protect themselves from and respond to network security threats, the SEI offers enterprise-wide training. The courses incorporate current trends and developments in network security and computer security incident response.
About the Courses
As opposed to technology-based point solutions, the courses approach information security, survivability, and risk from a broad perspective to provide a more comprehensive solution. Courses can be taken individually, or as part of a larger information security curriculum (see Figure 1).
“These courses address the need to increase the numbers of managers and technical staff trained to incorporate security practices,” explains Barbara Laswell, manager of practices development and training. “Collaboration with strategic customers provides valuable real-world examples that drive development of the course content.”
Figure 1: Information Security Curriculum
Five courses derive from the work of the CERT Coordination Center, and provide introductory and advanced training for technical staff and managers of computer security incident response teams (CSIRTs):
- Creating a Computer Security Incident Response Team provides a high-level overview of the key issues and decisions that must be addressed when establishing a CSIRT.
- Overview of Managing Computer Security Incident Response Teams provides insight into the type and nature of the work that CSIRT managers and staff may be expected to handle. It also provides an overview of the incident-handling arena, the Internet and CSIRT environment, intruder threats, organizational interactions, and the nature of incident response activities.
- Managing Computer Security Incident Response Teams provides current and future managers of CSIRTs with a practical view of the issues they will face in operating an effective incident response team.
- Fundamentals of Incident Handling is designed for CSIRT technical personnel with little or no incident-handling experience. Through interactive instruction and practical exercises, the course provides insight into the type and nature of work that an incident handler typically performs.
- Advanced Incident Handling for Technical Staff is designed for CSIRT technical personnel with several months of incident-handling experience. Building on the methods and tools discussed in the fundamental course, this course focuses on practical exercises constructed around various incidents involving privileged compromises.
Broader Internet Security Issues
Three courses focus on broader Internet security issues and are designed to educate technical staff, policymakers, managers, and senior executives who are responsible for protecting information assets that are critical to their enterprise’s mission.
- Concepts and Trends in Information Security provides an overview of security issues, techniques, and trends related to the confidentiality, integrity, and availability of information assets on an organization’s computer systems.
- Information Security for Technical Staff provides attendees with practical techniques for protecting the security of an organization’s information assets and resources. Security issues, technologies, and recommended practices are addressed at increasing layers of complexity, starting with data security and progressing to host system security, network security, and Internet security.
- Survivability: A New Executive Perspective provides participants with a foundation for understanding the activities and resources required to address the information survivability needs of an organization.
The NSS Program is also offering a new course in support of the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Method.
The OCTAVE Method Training Workshop is designed for interdisciplinary analysis teams that will lead and perform information security risk evaluations for their organizations. The workshop covers the OCTAVE Method, preparation for implementing the method, and guidelines for tailoring the method to meet an organization’s unique needs.
As a result of implementing OCTAVE, enterprises may identify training needs related to the protection of critical information assets. For example, in one enterprise conducting an OCTAVE, the need arose to provide a common frame of reference for information security concepts across the organization. The NSS course Concepts and Trends in Information Security addressed this need.
Evolving to Meet Future Needs
To date, a variety of organizations from the United States and abroad have participated in the courses, including representatives from all of the critical infrastructure sectors. The SEI continues to work with strategic customers to create courses that serve the needs of the greater community.
Currently, the program is developing a Department of Defense-sponsored introductory-level security and survivability course for system and network administrators. In addition, the program is collaborating with partners in law enforcement and the academic community to develop a computer forensics workshop for managers and technical staff from industry, academic, and law enforcement organizations. There is an acute need for these sectors to work together to collect, analyze, and preserve artifacts as well as to develop digital forensics methods related to electronic crime. Laswell explains, “By transitioning best practices through our courses, we help organizations protect against today’s threats, mitigate future threats, and improve the information assurance posture of organizations and their networked systems.”