EH-Net
Author Topic: Mock exercises for CSIRT  (Read 11326 times)
snortymcsnort
« on: October 14, 2009, 11:06:49 AM »

Hi, I am looking for ideas to revitalize my CSIRT team.  One of the best suggestions I have heard of was having an incident drill so the team members can practice their functions.  Does anyone have an example of a drill they have run?

Thanks
unsupported
« Reply #1 on: October 14, 2009, 01:30:05 PM »

There are a few ways to accomplish this.  You can do a live read through any one of Ed Skoudis' scenarios (as outlined here on EH-Net) minus the entertaining themes (Brady Bunch, Simpsons, Matrix, etc).  Ed has given permission and suggestion to do this in the SEC504 course.

You can also hire or have a skilled team member perform a penetration test to see how the team reacts/notices the test or just ignores it.  You should probably only do this with a seasoned group who has worked together for a while so everyone is not tripping over themselves.

-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
dalepearson
« Reply #2 on: October 14, 2009, 03:20:39 PM »

It is good practice to regularly carry out a CSIRT drill.
I would suggest thinking about a real world scenario that could impact your organisation, and then go through the stages as you would in real life, but in a drill scenario.

So bringing the teams together, brainstorming etc.
If you're a global organisation, follow the sun so each region has a part to play, and cease the drill when a full rotation has been completed.

Then review the process, improvements, etc.

timmedin
« Reply #3 on: October 14, 2009, 10:44:23 PM »

NIST has some scenarios in Appendix B of 800-61 Computer Security Incident Handling Guide. While there aren't any super technical things to be done, it does provide good food for thought.

twitter.com/timmedin | http://blog.securitywhole.com
snortymcsnort
« Reply #4 on: October 15, 2009, 09:46:03 AM »

Thanks for the replies!  These are all good ideas.
brima99
« Reply #5 on: October 18, 2009, 02:42:17 AM »

A bit late, but check out these:

http://www.enisa.europa.eu/act/cert/support/exercise

Soon we'll also publish Live DVDs

Cheers,
Marco
snortymcsnort
« Reply #6 on: October 19, 2009, 02:16:12 PM »

Thanks Marco.  There are a lot of good materials on the site.  Looking forward to the Live DVDs.
snortymcsnort
« Reply #7 on: January 06, 2010, 10:45:57 AM »

ENISA has the ISO images for their live DVDs available now: http://www.enisa.europa.eu/act/cert/support/exercise
They have some really good exercises here and I am looking forward to using them in our training.
UNIX
« Reply #8 on: January 08, 2010, 12:33:47 AM »

Sounds interesting, will have a look at it too. Thanks for notifying.
© 2013 The Ethical Hacker Network