 |
2008 Dates
May 19-23, 2008 (CMU/CIC Bldg. Pittsburgh, PA)
June 9-13, 2008 (SEI Frankfurt, Germany)
September 8-12, 2008 (SEI Arlington, VA)
November 17-21, 2008 (CMU/CIC Bldg. Pittsburgh, PA)
Course Registration
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
Phone: 412 / 268-7388
FAX: 412 / 268-7401
Questions: courseregistration@sei.cmu.edu
To Register: 2008 Click Here
This course
may also be
offered by arrangement at customer sites. E-mail
training-info@cert.org or call +1 412-268-9564 for details.
*Course dates and fees are subject to change.
|
U.S.
Course Fee:
Industry: $2750
Government: $2200
Academic: $2200
International
Course Fee:
$5500
Register for
2008 Dates
|
| |
This five-day course, designed for computer security incident response team (CSIRT) technical personnel with several months of incident handling experience, addresses techniques employed in detecting and responding to current and emerging computer security threats and attacks that are targeted against a variety of operating systems and architectures.
Building on the methods and tools discussed in the Fundamentals of Incident Handling course, this course provides guidance that incident handlers can use in responding to system compromises at the privileged (root or administrator) level. Through interactive instruction, facilitated discussions, and group exercises, instructors help participants identify and analyze a set of events and then propose appropriate response strategies.
Participants work as a team throughout the week to handle a series of escalating incidents that are presented as part of an ongoing scenario. Work includes team analysis of information and presentation of findings and response strategies. Participants also review broader aspects of CSIRT work such as artifact analysis; vulnerability handling; and the development of advisories, alerts, and management briefings.
This course is part of the curriculum for the CERT-Certified Incident Handler program. Before registering for this course, participants are encouraged to attend the companion course, Fundamentals of Incident Handling.
|
| |
AUDIENCE
- current computer security incident response team (CSIRT) technical staff with three to six months incident handling experience
- system and network administrators responsible for identifying and responding to security incidents
PREREQUISITES
Before registering for this course, it is recommended that participants attend the Fundamentals of Incident Handling course. It is also recommended that participants have the following:
- at least three months of incident handling experience
- an understanding of Internet services and protocols
- experience with the administration of Windows and Unix systems
- an understanding of basic programming concepts
- experience with various types of computer security attacks, response strategies, incident handling tools
It is recommended but not required that participants also have experience programming in C, Perl, Java, or similar languages.
TOPICS
- understanding issues and challenges in handling privilege compromise incidents
- detecting, analyzing, and responding to malicious code, distributed denial of service, and other common attacks
- understanding intruder rootkits
- handling major computer security events and incidents
- responding to insider threats and attacks
- performing artifact analysis
- understanding the role of computer forensic analysis in incident handling
- understanding the fundamental causes of vulnerabilities
- analyzing and coordinating response to reported vulnerabilities
- publishing effective CSIRT information
OBJECTIVES
This course will help participants to
- detect and characterize various attack types
- gain a practical understanding of various methods for analyzing artifacts left on a compromised system
- understand the complexity of and effectively respond to privileged and major events and incidents within your CSIRT
- obtain practical experience in the analysis of vulnerabilities and the coordination of vulnerability handling tasks
- formulate effective advisories, alerts, and management briefings
Course Materials
Participants will receive a course notebook and a CD containing the course materials.
LOGISTICS
Class Schedule
This five-day course meets at the following times:
Days 1-4, 9:00 a.m.-5:00 p.m.
Day 5, 9:00 a.m.-3:00 p.m.
Hotel and Travel Information
Information about traveling to the SEI offices is available on our
Travel and Lodging Web pages.
Questions about this course?
Please see our Frequently Asked Questions Web page for answers to some of the more common inquiries about SEI Education and Training.
If you need more information, contact us via e-mail at training-info@cert.org
or telephone at +1 412-268-9564.
|
