Building and Managing a CSIRT Team in Government 

Course Format: Online

Program Language: Arabic

Program Details

Track: Leadership & Strategic
Duration: 15 hours (distributed over 3 days)
Target Audience: Information Security Managers, Response Team Leaders

Admission Requirements

Experience in the cybersecurity field
Understanding the basics of security incident handling
Completion of previous level programs

Introduction to Incident Response Teams (CSIRT/CERT)

  • Definition of CSIRT and CERT and the difference between them

    Computer Security Incident Response Team vs. Computer Emergency Response Team; CSIRT is the generic term, while "CERT" is a registered trademark of Carnegie Mellon University's Software Engineering Institute, so teams that carry that name normally do so under a licence from it

  • The importance of response teams in the government sector

    Rapid and effective protection of critical services

  • Types of response teams

    Internal, external, national, and sector-specific teams

  • Examples of successful government response teams

    International experiences such as US-CERT (whose functions now sit within the US Cybersecurity and Infrastructure Security Agency, CISA) and NCSC

  • Services provided by the CSIRT team

    Reactive services (alerts and warnings, incident handling and analysis), proactive services (announcements, technology watch, security assessments, intrusion detection), and security quality management services (risk analysis, awareness building, education and training)

CSIRT Structure and Organization

  • Standing up the team in five key stages, from initial analysis through to operation
  • Different roles within the team: Analyst, Engineer, Coordinator
  • Technical, managerial, and soft skills
  • Team charter, team policies, and Service Level Agreements (SLA)
  • Collaboration with the Security Operations Center (SOC), telecommunications regulatory authority, and security agencies

Security Incident Handling Methodologies

  • Preparation, Detection, Analysis, Containment, Eradication, Recovery, and Lessons Learned (the incident lifecycle as described in NIST SP 800-61 and the SANS incident handling process)
  • Preparing team tools and equipment (jump kits, forensic workstations, contact lists, and out-of-band communication channels)
  • Determining whether an observation is merely a security event (any observable occurrence in a system or network) or an incident (a violation, or imminent threat of violation, of security policy)
  • Short-term containment that stops the damage versus long-term containment that keeps affected systems usable until eradication is complete
  • Lessons learned and process improvement

IR Tools and Technology

  • Case management and ticketing: TheHive, RTIR, Jira Service Management
  • Disk and host forensics: Autopsy, FTK Imager, EnCase
  • Network capture and analysis: Wireshark, tcpdump, NetworkMiner
  • MISP and similar platforms for sharing indicators of compromise
  • Setting up an isolated, secure lab for malware analysis

Team Performance & Improvement

  • Time to Detect, Contain, and Recover (MTTD, MTTC, MTTR), measured against the team's SLA
  • Incident reports and trend analysis
  • Tabletop exercises and breach simulations
  • Professional certifications and training courses
  • Maturity model and its levels (for example SIM3, the Security Incident Management Maturity Model used for CSIRT certification)
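The detection, containment and recovery metrics listed above, checked against the containment SLA from the team charter, as an added worked example that is not part of the course material: it computes the three metrics per severity from a constructed case-management export, flags incidents that have breached the containment SLA (including incidents still open), and produces the monthly count a trend report starts from. The field names, sample records and SLA thresholds are assumptions made for illustration; time to detect is measured from the start of attacker activity to detection, and time to contain and time to recover from detection to the close of the respective phase.

```python
"""Incident-response metrics from a case-management export.

Added example, not from the course page. Field names, the sample records
and the SLA thresholds are assumptions chosen for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean

# Constructed sample export (hypothetical field names). "occurred" is when the
# attacker activity began, as established during analysis; "detected" is when
# the team first became aware; "contained" and "recovered" close those phases.
# None means unknown or still open; such incidents are excluded from the
# affected metric rather than counted as zero.
INCIDENTS = [
    {"id": "IR-2024-001", "severity": "high",
     "occurred": "2024-03-01T02:10:00", "detected": "2024-03-01T09:40:00",
     "contained": "2024-03-01T11:00:00", "recovered": "2024-03-02T15:00:00"},
    {"id": "IR-2024-002", "severity": "critical",
     "occurred": "2024-03-10T22:00:00", "detected": "2024-03-11T00:30:00",
     "contained": "2024-03-11T06:30:00", "recovered": "2024-03-12T00:30:00"},
    {"id": "IR-2024-003", "severity": "medium",
     "occurred": "2024-02-20T08:00:00", "detected": "2024-03-18T08:00:00",
     "contained": "2024-03-19T08:00:00", "recovered": "2024-03-21T08:00:00"},
    {"id": "IR-2024-004", "severity": "high",  # still open
     "occurred": "2024-04-02T13:00:00", "detected": "2024-04-02T13:05:00",
     "contained": None, "recovered": None},
    {"id": "IR-2024-005", "severity": "low",  # start of activity unknown
     "occurred": None, "detected": "2024-04-15T10:00:00",
     "contained": "2024-04-15T12:00:00", "recovered": "2024-04-15T14:00:00"},
]

# Hypothetical containment SLA per severity: hours allowed from detection to
# containment. In a real team these come from the charter / SLA document.
CONTAIN_SLA_HOURS = {"critical": 4, "high": 24, "medium": 72, "low": 168}


def _ts(value):
    """Parse an ISO-8601 timestamp; None passes through unchanged."""
    return datetime.fromisoformat(value) if value else None


def _hours(start, end):
    """Elapsed hours between two timestamps, or None if either is missing."""
    if start is None or end is None:
        return None
    return (end - start).total_seconds() / 3600


def phase_durations(incident):
    """(ttd, ttc, ttr) in hours: occurred->detected, detected->contained,
    detected->recovered (assumed definitions). None where a phase is open."""
    occurred, detected, contained, recovered = (
        _ts(incident[k]) for k in ("occurred", "detected", "contained", "recovered"))
    return (_hours(occurred, detected), _hours(detected, contained),
            _hours(detected, recovered))


def metrics_by_severity(incidents):
    """Mean, worst case and sample size per metric, grouped by severity.
    A metric with no completed samples is reported as None, not as zero."""
    buckets = defaultdict(lambda: {"ttd": [], "ttc": [], "ttr": []})
    for inc in incidents:
        for name, value in zip(("ttd", "ttc", "ttr"), phase_durations(inc)):
            if value is not None:
                buckets[inc["severity"]][name].append(value)
    return {
        sev: {name: ({"mean": round(mean(vals), 1), "max": round(max(vals), 1),
                      "n": len(vals)} if vals else None)
              for name, vals in b.items()}
        for sev, b in buckets.items()
    }


def sla_breaches(incidents, now_iso, sla=CONTAIN_SLA_HOURS):
    """IDs of incidents whose containment took longer than the SLA allows.
    Open incidents are measured up to now_iso, so one that is already past
    its deadline is reported before it is closed."""
    now = _ts(now_iso)
    breached = []
    for inc in incidents:
        limit = sla.get(inc["severity"])
        detected = _ts(inc["detected"])
        if limit is None or detected is None:
            continue
        end = _ts(inc["contained"]) or now
        if end - detected > timedelta(hours=limit):
            breached.append(inc["id"])
    return breached


def monthly_trend(incidents):
    """Incidents per month of detection ("YYYY-MM"), for the trend report."""
    counts = defaultdict(int)
    for inc in incidents:
        counts[inc["detected"][:7]] += 1
    return dict(sorted(counts.items()))


if __name__ == "__main__":
    for sev, m in metrics_by_severity(INCIDENTS).items():
        print(sev, m)
    print("SLA breaches:", sla_breaches(INCIDENTS, "2024-04-04T00:00:00"))
    print("Monthly trend:", monthly_trend(INCIDENTS))
```

Reporting open or unknown phases as None rather than zero matters in practice: averaging in zeros would make a team with several unresolved incidents look faster than one that closed everything, which is the opposite of what the metric should show. Worst-case (max) values are kept alongside the mean because a single long-undetected incident, such as IR-2024-003 above, is usually the finding that drives the lessons-learned discussion.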

Program Completion Certificate

After completing all course requirements, you can apply to receive an accredited Certificate of Completion from Ru’ya Academy for Leadership and Technology.