Fundamentals of Incident Handling

	Dates	2009* Prices (USD)
	2009 Dates June 22-26, 2009 (SEI Arlington, VA) August 17-21, 2009 (SEI Arlington, VA) November 9-13, 2009 (CIC Bldg. Pittsburgh, PA) Course Registration Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Phone: 412 / 268-7388 FAX: 412 / 268-7401 Questions: courseregistration@sei.cmu.edu To Register: 2009 Click Here This course may also be offered by arrangement at customer sites. E-mail training-info@cert.org or call +1 412-268-9564 for details. *Course dates and fees are subject to change.	U.S. Course Fee: Industry: $2900 Government: $2300 Academic: $2300 International Course Fee: $5800 Register for 2009 Dates
	Course Description
	This five-day course is for computer security incident response team (CSIRT) technical staff who have little or no incident handling experience. It provides a basic introduction to the main incident handling tasks and critical thinking skills that will help an incident handler perform their daily work. It is recommended to those new to incident handling work. The course is designed to provide insight into the work that an incident handler may perform. It will provide an overview of the incident handling arena, including CSIRT services, intruder threats, and the nature of incident response activities. Course attendees will learn how to gather the information required to handle an incident; realize the importance of having and following pre-defined CSIRT policies and procedures; understand the technical issues relating to commonly reported attack types; perform analysis and response tasks for various sample incidents; apply critical thinking skills in responding to incidents, and identify potential problems to avoid while taking part in CSIRT work. The course incorporates interactive instruction, practical exercises, and role playing. Attendees have the opportunity to participate in sample incidents that they might face on a day-to-day basis. This course is part of the curriculum for the CERT-Certified Incident Handler program. After completing this course, participants are encouraged to attend the companion course, Advanced Incident Handling. Note: There is significant content overlap between the Fundamentals of Incident Handling course and the Managing CSIRTs course. We recommend that attendees register for one course or the other, but not both. The Fundamentals of Incident Handling course covers more technical topics such as email and malware attacks, PGP, and recognizing signs of attack. The Fundamentals of Incident Handling course is designed to introduce new incident handlers to the basic skills and processes they will need to perform incident handling work. The Managing CSIRTs course focuses on incident handling issues from an operational management perspective.
	Audience · Prerequisites · Objectives · Logistics
	AUDIENCE new CSIRT technical staff (one to three months of experience) experienced CSIRT staff who would like to benchmark their CSIRT processes and skill sets against best practices anyone who would like to learn about basic incident handling functions and activities PREREQUISITES Before registering for this course, participants must be familiar with Internet services and protocols. It is recommended but not required that participants have some experience with system administration for Windows or UNIX systems. TOPICS understanding the CSIRT environment and basic incident management processes CSIRT code of conduct understanding security tools and technologies used by CSIRTs identifying and gathering critical information recognizing signs of attacks detecting and analyzing incidents finding contact information coordinating response and disseminating information handling email and malicious code attacks working with law enforcement OBJECTIVES This course will help participants to recognize the importance of following well-defined processes, policies, and procedures understand the technical, communication, and coordination issues involved in providing a CSIRT service critically analyze and assess the impact of computer security incidents effectively build and coordinate response strategies for various types of computer security incidents Course Materials Participants will receive a course notebook and a CD containing the course materials. LOGISTICS Class Schedule This five-day course meets 9:00 a.m.-5:00 p.m.each day. Hotel and Travel Information Information about traveling to the SEI offices is available on our Travel and Lodging Web pages. Questions about this course? Please see our Frequently Asked Questions Web page for answers to some of the more common inquiries about SEI Education and Training. If you need more information, contact us via e-mail at training-info@cert.org or telephone at +1 412-268-9564.


	Related Products and Services
	Courses Managing Computer Security Incident Response Teams (CSIRTs) Creating a Computer Security Incident Response Team Advanced Incident Handling Information Security for Technical Staff Advanced Information Security for Technical Staff Publications US CERT Alerts Defining Incident Management Processes for CSIRTs The Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management Handbook for Computer Security Incident Response Teams (CSIRTs), Second Edition Organizational Models for CSIRTs Handbook State of the Practice of CSIRTs Incident Management Capability Metrics Version Incident Management Mission Diagnostic Method Outsourcing Managed Security Practices Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors Governing for Enterprise Security Managing for Enterprise Security First Responders Guide to Computer Forensics Events Annual Computer Security Incident Handling Conference, sponsored by FIRST.ORG, Inc. Related Podcasts Tackling Security at the National Level: A Resource for Leaders The Real Secrets of Incident Management CSIRT Development Information CERT-Certified Incident Handler Certification CERT Training and Education
	Course Registration
	Register for 2009 Dates
^ TOP

	Course Offerings
	Prices
	Locations, Travel, and Lodging
	Cancellation Policy
	Courses FAQ
	Privacy Information (FERPA)
	Registration
	Contact Information
	Credentials Program
	SEI Certification