icon-carat-right menu search cmu-wordmark

Developing a National or Government CSIRT

This course focuses on the key decisions and considerations encountered when developing a national or government CSIRT. It discusses the basic components of CSIRTs in general and highlights the characteristics that make national or government versions of CSIRTs unique. Topics covered include capabilities and functions of each entity type, working with stakeholders, planning activities, implementation strategies, enablers, and supporting resources. The course presents definitions for both types of incident management capabilities and examples of existing national or government CSIRTs.

Audience

The intended audience includes those charged with developing CSIRTs in general but specifically focuses on those in national or government organizations. The audience can also include those interested in learning more about these types of entities. Other audience members include:

  • current and prospective CSIRT managers
  • C-level managers, such as chief information officers (CIOs), chief security officers (CSOs), and chief risk officers (CROs)
  • project leaders interested in establishing or starting a national or government CSIRT
  • other organizations that interact with national or government CSIRTs and would like to gain a deeper understanding of how they operate and how to engage with them

Objectives

At the completion of the course, learners will be able to:

  • Discuss the unique role of a national or government CSIRT
  • Describe the components of a CSIRT in general
  • Identify enablers and supporting resources for establishing a national or government CSIRT
  • Characterize stakeholders for national and government CSIRTs
  • Identify needed collaboration, coordination, and information-sharing initiatives and activities
  • Outline key planning decisions and strategies
  • Create implementation strategies and plans
  • Describe methods for evaluating national and government CSIRTs and implementing resulting process improvements

Topics

  • Introduction to Developing a National/Government CSIRT
  • National Incident Management Ecosystem
  • Defining Incident Management
  • The Evolving Nature of Incident Management Capabilities
  • Defining CSIRTs
  • Uniqueness of a National or Government CSIRT
  • National CSIRT Principles
  • Connection with Critical Infrastructures
  • Planning a National or Government CSIRT: Building Your Strategy
  • Planning a National or Government CSIRT: Best Practices
  • Planning a National or Government CSIRT: Key Decisions
  • Implementing Your National or Government CSIRT: Roles and Responsibilities
  • Implementing Your National or Government CSIRT: Incident Criteria and Incidents of National Importance
  • Implementing Your National or Government CSIRT: Incident Reporting Requirements
  • Implementing Your National or Government CSIRT: Policies and Procedures
  • Implementing Your National or Government CSIRT: Challenges
  • Implementing Your National or Government CSIRT: Politics and Policies
  • Implementing Your National or Government CSIRT: Branding
  • Implementing Your National or Government CSIRT: Information Sharing
  • Process Improvement and Sustainment
  • Summary
  • Resources

Materials

Course methods include lectures and group exercises. Electronic materials are downloadable from the SEI Learning Management System (LMS). Participants attending in-person offerings in an SEI training facility are required to bring a laptop to be used only during course exercises.

Prerequisites

This course has no prerequisites.

 

IMPORTANT NOTICE:

Carnegie Mellon University/Software Engineering Institute offices will be closed for winter break, December 21, 2024-January 1, 2025. SEI course registrations received during this period will be confirmed and enrollment completed upon our return on January 2, 2025.

Course Questions?

Email: course-info@sei.cmu.edu
Phone: 412-268-7388

Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials. For more information about SEI training courses, see Registration Terms and Conditions and Confidentiality of Course Records.