Mock exercises for CSIRT

    • #4336
      snortymcsnort
      Participant

      Hi, I am looking for ideas to revitalize my CSIRT team.  One of the best suggestions I have heard of was having an incident drill so the team members can practice their functions.  Does anyone have an example of a drill they have run?

      Thanks

    • #27404
      unsupported
      Participant

      There are a few ways to accomplish this.  You can do a live read through any one of Ed Skoudis’ scenarios (as outlined here on EH-Net) minus the entertaining themes (Brady Bunch, Simpsons, Matrix, etc).  Ed has given permission and suggestion to do this in the SEC504 course.

      You can also hire or have a skilled team member perform a penetration test to see how the team reacts/notices the test or just ignores it.  You should probably only do this with a seasoned group who has worked together for a while so everyone is not tripping over themselves.

    • #27405
      dalepearson
      Participant

      It is good practice to regularly carry out a CSIRT drill.
      I would suggest thinking about a real world scenario that could impact your organisation, and then go through the stages as you would in real life, but in a drill scenario.

      So bringing the teams together, brainstorming etc.
      If you're a global organisation, follow the sun so each region has a part to play, and cease the drill when a full rotation has been completed.

      Then review the process, improvements, etc.

    • #27406
      timmedin
      Participant

      NIST has some scenarios in Appendix B of 800-61 Computer Security Incident Handling Guide. While there aren’t any super technical things to be done, it does provide good food for thought.

    • #27407
      snortymcsnort
      Participant

      Thanks for the replies!  These are all good ideas.

    • #27408
      brima99
      Participant

      A bit late, but check out these:

      http://www.enisa.europa.eu/act/cert/support/exercise

      Soon we’ll also publish Live DVDs

      Cheers,
      Marco

    • #27409
      snortymcsnort
      Participant

      Thanks Marco.  There are a lot of good materials on the site.  Looking forward to the Live DVDs.

    • #27410
      snortymcsnort
      Participant

      ENISA has the ISO images for their live DVDs available now: http://www.enisa.europa.eu/act/cert/support/exercise
      They have some really good exercises here and I am looking forward to using them in our training.

    • #27411
      UNIX
      Participant

      Sounds interesting, will have a look at it too. Thanks for notifying.


Copyright ©2020 Caendra, Inc.
