26–30 Nov 2018
Centre for Information Technology and Systems (CITS), University of Lagos
Africa/Accra timezone

Programme

This event will provide TRANSITS I training and a maturity-building model, and will kick off a community-driven initiative for trusted infrastructure services for accredited security teams, so that they have up-to-date and reliable information to coordinate actions and collaborate whenever needed.

The regional trust circle envisaged will be modelled on the Trusted Introducer Service - a.k.a. TI - established by the European CERT community in 2000 to address common needs and build a service infrastructure to provide vital support and a trusted clearinghouse for all security and incident response teams.

The TRANSITS I course will deal with the operational, organisational, technical and legal aspects of incident response.  It is aimed at professionals who are either members (or future members) of existing computer security teams or who will be involved in building such a team within their own organisation.

The objectives of the course are:

  • Understand where CSIRTs fit into the organisation
  • Understand the tasks and tools that are necessary to perform their function
  • Develop and practise the skills that are needed by a CSIRT team member
  • Understand the external issues (both legal and technical) that may affect the operation of a CSIRT.

The course consists of four tracks and an informal evening session. Some of these include exercises that the trainees will complete and discuss, while others will include time for discussion among the whole class.  The tracks are:

  • CSIRT Organisation

    Describes how CSIRTs fit into their organisations: planning the CSIRT, defining the constituency of the team and gaining management authority for it, deciding the services the team will offer, working with those outside the organisation, staffing the CSIRT, funding. Students will discuss their own organisation and how their team fits into it.

  • Technical Introduction

    A basic introduction to the main attack vectors that malicious parties use to attack systems: intruders and their motivations, botnets, network protocols and how they can be abused, operating systems and services, types of vulnerability, information gathering, breaking in, hiding traces, denial-of-service attacks.

  • CSIRT Operations

    Describes the facilities, systems and tools needed by CSIRTs to operate successfully: housing the CSIRT, equipment, e-mail, remote access, information and contacts, servers and networks, incident response plans and procedures, tracking systems. As an exercise students will discuss and develop incident response plans for their own teams.

  • Legal Issues

    A high-level overview of the areas of legislation that are likely to affect CSIRTs in their work and that team members need to be aware of: origins of computer legislation, problems, data protection, computer misuse, working with law enforcement, monitoring, evidence, African and global developments.