Software Engineering Institute Carnegie Mellon

State of the Practice of Computer Security Incident Response Teams (CSIRTs)

Appendix C: Training Sources for CSIRTs

The following list is a small sample of training sources for CSIRTs and incident handling. Many of these, and other sources, also provide training in related areas of computer forensics or information security. This is not a comprehensive list. Search the web, or follow the links from some of the sites below, to find other sources for relevant training for CSIRTs.

Incident Response Training

@stake - http://www.atstake.com/

@stake Academy
http://www.atstake.com/services/education/
Lecture and lab courses, including Incident Response and Forensic Readiness

 

Backbone Security - http://www.backbonesecurity.com/

Training
http://www.backbonesecurity.com/training/
Attack Postmortem

 

CERT Coordination Center - http://www.cert.org

CERT Training
http://www.cert.org/nav/index_gold.html

CSIRT Development
http://www.cert.org/csirts/

Courses include Creating a CSIRT, Overview of Managing CSIRTs, Managing CSIRTs, Fundamentals of Incident Handling, and Advanced Incident Handling for Technical Staff

 

Computer Security Institute (CSI) - http://www.gocsi.com/

Annual Conference
http://www.gocsi.com/annual/
Conference sessions include Response Teams

CSI Training
http://www.gocsi.com/training/

CSI Information Security Seminars
http://www.gocsi.com/infosec/wkshop.html

Seminars include "Intrusion Detection, Attacks, and Countermeasures" and "Practical Forensics: How to Manage IT Investigations"

 

Forum of Incident Response and Security Teams (FIRST) - http://www.first.org/

FIRST Conferences
http://www.first.org/conference/

 

Foundstone - http://www.foundstone.com/

Education
http://www.foundstone.com/education/
Courses include Ultimate Hacking, Ultimate Web Hacking, and Ultimate Hacking: Incident Response/Forensics

 

Global Knowledge - http://www.globalknowledge.com/

Course Catalog
http://www.globalknowledge.com/training/training.asp
Includes classroom learning, virtual classroom e-learning, and self-paced e-learning

Course Catalog - Security
http://www.globalknowledge.com/training/category.asp?catid=191
Courses include Intrusion Detection and Forensics, Network Security, Wireless Security, and others

Free Web Seminars
http://www.globalknowledge.com/training/category.asp?catid=248
Various topics

 

LionTech IT Ltd. - http://www.liontech-it.com/

IT Training
http://www.liontech-it.com/training/
Courses and seminars, including Ethical Hacking/Penetration Testing

 

Megamind, Institute for Advanced Technology Training - http://www.megamind.org/

Security Training
http://www.megamind.org/INFO/ptrain.html#ir
Courses include Incident Response and Intrusion Detection

 

MIS Training Institute - http://www.misti.com/

InfoSecurity Seminars, Conferences, Symposia, Briefings
http://www.misti.com/northamerica.asp?page=1&subpage=0

Incident Response
http://www.misti.com/northamerica.asp?disp=evfnd&srch=incident%20response

MIS Training Institute Online
http://www.misti-online.com/
Courses include Information Security courses

 

New Technologies Inc. (NTI) - http://www.forensics-intl.com/

Computer Forensics and Security Training
http://www.forensics-intl.com/training.html

 

PRESECURE - http://www.pre-secure.com/

Incident Response Teams Development and Training
http://www.pre-secure.com/ir/courses/

 

Red Siren - http://www.redsiren.com/

Information Security University

http://www.redsiren.com/
Online learning courses, including Incident Response and Introduction to Computer Investigations

 

SysAdmin, Audit, Network, Security (SANS) Institute - http://www.sans.org/

Computer Security Education and Information Security Training
SANS Online Training
http://www.sans.org/onlinetraining/
Courses include Hacker Techniques, Exploits, and Incident Handling

SANS Webcasts
http://www.sans.org/webcasts/
Various topics

 

TheTrainingCo. - http://www.thetrainingco.com/

Techno-Security Seminars
http://www.thetrainingco.com/html/TechnoBriefings.html

 

Training of Network Security Incident Teams Staff (TRANSITS) - http://www.ist-transits.org/

TRANSITS is a three-year European project to provide Training of Network Security Incident Teams Staff. Organized by TERENA [149] and UKERNA [150], and funded by the European Commission, TRANSITS will provide public domain CSIRT training course materials and will present CSIRT training workshops over various regions in Europe.

TRANSITS Training Workshop
http://www.ist-transits.org/events.php

Participation is limited, accepting only selected applicants.

 

General Information Security/Assurance

Higher Education -- Colleges and Universities

National Security Agency (NSA) - National INFOSEC Education & Training Program - http://www.nsa.gov

Centers of Academic Excellence in Information Assurance Education - http://www.nsa.gov/isso/programs/coeiae/index.htm
Announcement - http://www.nsa.gov

NSA Designates Centers of Academic Excellence in Information Assurance Education. Fifty universities have been designated as Centers of Academic Excellence in Information Assurance under the program:

 

Universities in the United States noted for their information security programs

Air Force Institute of Technology - http://www.afit.edu/

Auburn University - http://www.eng.auburn.edu/users/hamilton/security/

Capitol College - http://www.capitol-college.edu

Carnegie Mellon University - http://www.heinz.cmu.edu/

Drexel University - http://www.ece.drexel.edu/

East Stroudsburg University - http://www.esu.edu/cpsc/courses/scsebs_req.htm

Florida State University - http://www.cs.fsu.edu/infosec/

George Mason University - http://www.isse.gmu.edu/~csis/

George Washington University - http://www.seas.gwu.edu/~infosec/

Georgia Institute of Technology - http://www.cc.gatech.edu/

Idaho State University - http://security.isu.edu/

Indiana University of Pennsylvania - http://www.iup.edu/

Information Resources Management College of the National Defense University - http://www.ndu.edu/irmc/

Iowa State University - http://www.issl.org/

James Madison University - http://www.infosec.jmu.edu/

Johns Hopkins University - http://www.jhuisi.jhu.edu/

Mississippi State University

Naval Postgraduate School - http://cisr.nps.navy.mil/

New Jersey Institute of Technology - http://www.it.njit.edu/BSIT.htm

New Mexico Tech - http://www.cs.nmt.edu/

North Carolina State University - http://ecommerce.ncsu.edu/infosec/

Northeastern University - http://www.northeastern.edu/

Norwich University - http://www.norwich.edu/biz/cs/

Pennsylvania State University

Polytechnic - http://www.poly.edu/

Portland State University - http://www.cs.pdx.edu/

Purdue University - http://www.cerias.purdue.edu/

Stanford University

State University of New York, Buffalo - http://www.cse.buffalo.edu/caeiae/

State University of New York, Stony Brook - http://www.sunysb.edu/

Stevens Institute of Technology - http://www.cs.stevens-tech.edu/

Syracuse University - http://www.csa.syr.edu/

Texas A&M University - http://cias.tamu.edu/

Towson University - http://www.towson.edu/cait/

University of California at Davis - http://seclab.cs.ucdavis.edu/

University of Dallas - http://gsmweb.udallas.edu/info_assurance/

University of Idaho - http://www.csds.uidaho.edu/

University of Illinois at Urbana-Champaign - http://ciae.cs.uiuc.edu/

University of Maryland, Baltimore County - http://www.cisa.umbc.edu/

University of Maryland, University College - http://www.umuc.edu/

University of Massachusetts, Amherst - http://www.cs.umass.edu/

University of Nebraska at Omaha

University of North Carolina, Charlotte - http://www.sis.uncc.edu/LIISP/

University of Pennsylvania - http://www.upenn.edu/programs/

University of Texas, San Antonio - http://www.utsa.edu/

University of Tulsa - http://www.cis.utulsa.edu/

University of Virginia - http://www.seas.virginia.edu/

Walsh College - http://www.walshcollege.edu/pages/432.asp

U.S. Military Academy, West Point - http://www.itoc.usma.edu/

West Virginia University - http://www.lcsee.cemr.wvu.edu/

 

National Institute of Standards and Technology (NIST) - Computer Security Resource Center (CSRC) - http://csrc.nist.gov/

Training & Education
http://csrc.nist.gov/ATE/te_full.html

Academia Training and Education Programs
List includes most of the Centers of Academic Excellence in Information Assurance Education (above), plus other universities in other countries:

Queensland University of Technology (Australia) - Information Security Research Centre - http://www.isrc.qut.edu.au/

Stockholm University (Sweden) - SecLab - http://www.dsv.su.se/research/seclab/

University of Cambridge (UK) - Computer Security Group - http://www.cl.cam.ac.uk/Research/Security/

University of London (UK) - Royal Holloway - Information Security Group - http://www.isg.rhbnc.ac.uk/

 

Certification Organizations

Currently, there are few certification programs for CSIRTs. GIAC provides a certification for GIAC Certified Incident Handler (GCIH). Other certifications are available for Certified Information Systems Security Professional (CISSP) and Systems Security Certified Practitioner (SSCP). Technical certifications in other specific areas are widely available through various vendors (e.g., Cisco, Microsoft).

CERT Coordination Center - http://www.cert.org/

CERT®-Certified Computer Security Incident Handler
http://www.cert.org/certification/

 

Global Information Assurance Certification (GIAC) - http://www.giac.org/

GIAC Certified Incident Handler (GCIH)
http://www.giac.org/GCIH.php
http://www.giac.org/subject_certs.php#GCIH

 

Other Security Certifications

CompTIA - http://www.comptia.org/

CompTIA Security+ Certification
http://www.comptia.org/certification/security/

 

Global Information Assurance Certification (GIAC) - http://www.giac.org/

Overview of Certifications - http://www.giac.org/certifications.php

Individual certifications include GIAC Security Essentials Certification (GSEC), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Forensic Analyst (GCFA), and more.

GIAC Security Expert (GSE)
http://www.giac.org/GSE.php

 

International Information Systems Security Certifications Consortium, Inc. (ISC)² - http://www.isc2.org/

Certification
http://www.isc2.org/cgi/content.cgi?category=3
Certified Information Systems Security Professional (CISSP) and Systems Security Certified Practitioner (SSCP)

 

TruSecure

TruSecure ICSA Practitioner Certification

TruSecure ICSA Certified Security Associate (TICSA)

 

Other Technical Training Resources

Learning Tree International - http://www.learningtree.com/

Security
http://www.learningtree.com/direct/ilt12.htm
Web-based training courses

 

MIS Training Institute - http://www.misti.com/

Seminars, Conferences, Symposia

"MIS offers seminars, conferences, and symposia in the areas of Information Security, Internal/IT Auditing, Networks, E-Commerce Applications, Operating Environments, and Enterprise Applications."

MIS Training Institute Online
http://www.misti-online.com/

 

Other Resources and Readings

National Institute of Standards and Technology (NIST)
Computer Security Resource Center (CSRC) - http://csrc.nist.gov/

Training & Education
http://csrc.nist.gov/ATE/te_full.html
Links to various training programs and providers

 

SC Magazine - http://www.scmagazine.com/

"Shaping Up for INFOSEC TRAINING" - July 2002 cover story http://www.scmagazine.com/scmagazine/2002_07/cover/cover.html

 

 

 


149 Trans-European Research and Education Networking Association (TERENA) - http://www.terena.nl/

150 European Treaty Series  

 

