In order to enable an iCal export link, your account needs to have an API key created. This key enables other applications to access data from within Indico even when you are neither using nor logged into the Indico system yourself with the link provided. Once created, you can manage your key at any time by going to 'My Profile' and looking under the tab entitled 'HTTP API'. Further information about HTTP API keys can be found in the Indico documentation.
Additionally to having an API key associated with your account, exporting private event information requires the usage of a persistent signature. This enables API URLs which do not expire after a few minutes so while the setting is active, anyone in possession of the link provided can access the information. Due to this, it is extremely important that you keep these links private and for your use only. If you think someone else may have acquired access to a link using this key in the future, you must immediately create a new key pair on the 'My Profile' page under the 'HTTP API' and update the iCalendar links afterwards.
Permanent link for public information only:
Permanent link for all public and protected information:
familiarize participants with the incident management process in detail; how to improve incident handling techniques, best practices for publishing communications about incidents, working with the media, and testing and verifying incident management processes.
equip participants with skills to work with information sources to gather critical information, including open-source intelligence and proprietary intelligence as well as examining processes for information exchange.
expose participants to methods for incident coordination with a focus on how to handle major security events and coordinate incident responses with external entities such as vendors, law enforcement, and various types of organizations.
help participants establish methods to measure and improve the effectiveness of a CSIRT by using performance analysis and maturity models.
Target Audience: The training is intended for new security teams and NRENs that wish to start a CSIRT.
All participants will have to secure funds for their travel, including visa fees where applicable.
International participants will be provided with free accommodation from 26 March to 1 April 2017 in order to enable them to take part in the final conference of the TANDEM project on the afternoon of 29 March 2017 and at the WACREN 2017 conference held on 30-31 March 2017.
Lunches and coffee breaks will be provided for all participants for the duration of the workshop.
Applications from the ASREN and UbuntuNet Alliance regions are welcome and encouraged.
• Describe the incident management process
• Step through relevant tools, references, and technologies
• Identify causes of incidents
• Clarify how to respond to attacks
• Define best practices for publishing security bulletins and other communications
• Describe how to handle media issues
• Demonstrate how to test, verify, and improve incident management processes
• Practice responding to an incident
CSIRT Operation II
CSIRT Operation Labs
Working with Information Sources
• Categorize levels of information sources
• Identify methods for gathering and handling critical information
• Establish how to work with open-source and proprietary intelligence
• Define processes that allow information sharing and exchange
• Practice gathering information from various sources
• Identify methods for handling major security events
• Describe how to coordinate responses with other CSIRTs
• Define an incident coordination process
• Explain processes for working with vendors
• Clarify how to work with law enforcement
• Identify methods for working with organizations at various levels of influence
• Practice incident coordination steps
CSIRT Performance Measurement
• Define ways to measure and improve a CSIRT's effectiveness
• Clarify how to use performance analysis
• Use incident management issues and indicators to measure performance
• Describe a maturity model
• Identify evaluation models
• Practice measuring the performance of a CSIRT