SOME Training

SOME Training

Get Information

Information and Communication Technologies are growing in importance day by day and have become a very important issue that must be emphasized whether in the private or public sector.

Due to increasingly widespread information and communication technology, the network environment has become vast.

In this age of widespread use of technologies, it has brought along harmful environments as well as benefits. These environments bring very important concepts such as cyber risk and threat to our agenda. These threats have a negative impact on the reputation and credibility of all public sector users of ICTs, especially those sectors with critical infrastructure (energy, finance, transportation, communications, etc.). It can have devastating private and public consequences, such as the compromise of confidential information or the unavailability of critical services.

Therefore, public institutions and private sector companies should take all necessary security measures. According to the relevant legislation, these measures are mandatory.

In this context, the National Cyber Incident Response Center (USOM, TR-CERT ) was established within the Information and Communication Technologies Authority in order to identify threats that may occur in the cyber environment against cyber security, to develop and share measures to reduce or eliminate the effects of possible attacks and incidents.

There are teams under the National Cyber Incident Response Center, or SOME for short. SOME stands for Cyber Incident Response Teams. SOMEs operate in sector and organization.

SOME hosts two teams, namely Corporate SOME and Sectoral SOME.

– Corporate SOME: It coordinates with ministries, individual public institutions and other public institutions with information processing.
– Sectoral SOME: It coordinates with the sector working on energy, cyber security, technology, banking and finance sectors, transportation, critical public services, water management and electronic communications. Establishment of Sectoral SOME is mandatory in critical sectors.

In SOME, they provide the necessary technical consultancy and assistance before cyber incidents and warn the institution or organization if necessary.

They provide support during and after a cyber incident.

SOME, defined as Cyber Incident Response Team;

– Taking necessary precautions against cyber-attacks that may be made directly or indirectly to an organization,
– To have knowledge about current attack threats and their processes,
– Ensuring information security of organizations,
The event viewer is in charge of setting up recording systems against extraordinary situations that may be made to the systems.

Corporate SOME Training aims to provide the basic competencies necessary for Corporate SOME personnel to perform systematic record analysis and management, to identify important security vulnerabilities in the organization’s information systems and to coordinate cyber incident response.

About Education

Education Goals:

  • To have basic knowledge in the field of cyber security,
  • To gain action skills related to some categories of vulnerability notifications sent by USOM,
  • To have basic network knowledge,
  • To have knowledge about basic web application vulnerabilities,
  • To have basic knowledge of end-user and server security,
  • To learn social engineering and protection methods,
  • Anomaly detection from access trace records,
  • To have detailed knowledge about basic incident response processes,
  • Basic malware analysis

Training Content:


  • Module 1 – Introduction to Incident Response and Processing

Computer security incident definitions

Discussions on the importance of data classification

Debates on the struggle for knowledge

Basic concepts of information security

Descriptions of various vulnerabilities, threats and attacks on information systems

Discuss computer security incidents with examples

Descriptions of different categories of events

Event prioritization

Definitions of incident response, incident management and forensic informatics


  • Module 2 – Risk Assessment

Risk policy disclosures

Forms of risk policy management

Different steps for assessing and mitigating risks in the workplace outlined

Risk analysis definitions

Different risk mitigation strategies

Explanations of the importance of cost/benefit analysis in the risk assessment process

Risk mitigation methods

Residual risk discussions

Risk assessment tools


  • Module 3 – Incident Response and Processing Steps

Explanation of requirements for incident response

Incident response processes

Incident response components descriptions

Explanation of incident response method

Explanation of various events and processing stages

Incident response plan definitions

Incident response plan steps outlined

Discussions on the importance of training and awareness raising for incident response and handling

Developing safety awareness and training lists

Incident response policy statements

Incident management and incident management objective discussions

Explanations about incident response team structure, personnel, team dependencies and team services

Defining the relationship between incident response, incident management and incident management

Discussions on best incident response practices


  • Module 4 – Some-CSIRT (Computer Security Incidentresponse Team)

Discussions on the need for incident response teams

CSIRT statements of objectives and strategies

CSIRT vision and mission statements

Explanations of CSIRT selection

Description of CSIRT’s place in the organization

Explanations of the relationship with the CSIRT environment

Descriptions of species around CSIRT

The best exercise descriptions for creating a CSIRT

CSIRT role description

Incident response team role definition

Different definitions of CSIRT services

Description of CSIRT policies and procedures

Explanation of CSIRT functioning in an incident


  • Module 5 – Network Security Incident Handling Process

Defining Dos and DDos attacks

Descriptions of event processing readiness for Dos attacks

Unauthorized access event types descriptions

Descriptions of the various stages of preparation of operational events for an unauthorized access incident

Descriptions of different incidents of inappropriate use

Descriptions of incident handling steps for misuse incidents

Multi-component event discussions

Descriptions of steps to prepare event processing for multi-component events

Network event simulation with example tools


  • Module 6 – Malware Incident Handling Process

Explanations about viruses, worms, Trojans and spyware

Event handling preparation descriptions for malicious code events

Discussions on prevention, detection and analysis of malicious code incidents

Containment strategy descriptions for malicious code events

Evidence method descriptions of malicious code event collection and migration

Eradication method and recovery from malicious code events definitions

Descriptions of various measures for malicious code events


  • Module 7 – Internal Threat Process and Assessment Phase

Internal threat definitions

Anatomy of internal attack descriptions

Different technical descriptions for internal threat detection

Descriptions of internal threat responses

Inside incident response plan descriptions

Developing guidelines for internal threat prevention

Demonstration of various monitoring tools running


  • Module 8 – Forensic Analysis and Incident Response

Forensic informatics debates

Explains the objectives of forensic analysis

Forensic analysis role discussions in the face of the incident

Explanations of forensic informatics types

Discussions about forensic researchers and other people

Forensic informatics processes definitions

Forensic informatics policy statements

Forensics discussions in life system cycle information

Forensic analysis tool demonstrations such as Helix and Sysinternals tools


  • Module 9 – Security Breach Incident Reporting

Event reporting definitions

Designing the detail to be reported

Develop report formats

Discussions on disclosure issues

Descriptions of workplace incident reporting

Discussions on federal agency event categories

Develop incident reporting rules


  • Module 10 – Case Resolution Process

Event analysis definitions

Explanations of the principles of event analysis

Identification of different case resolution steps

Discussions on contingency planning / continuity of operations

Business continuity planning and business impact analysis discussions

Defining an incident resolution plan

Discussions about the incident recovery planning team

Incident recovery test definitions


  • Module 11 – Security Policy and Laws

Security policy definition

Explanation of the foundations of security policy

Defining the security policy objective

Explanation of security policy objectives

Security policy features descriptions

Discussions on the implementation of security policies

Explanations of access control policies and their importance

Gaps in managerial security policy, asset control policy, audit trail policy, access policy, certification policy, evidence collection policy, information security policy, National Information Security Certification and Accreditation Process (NIACAP) descriptions

Developing physical security guidance

Discussions on personnel safety policies and guidance

Explanations of incident management laws

Legal processes in the event of an incident

Who Should Receive the Training?

  • Everyone working in SOME teams.
  • Information security experts working in public institutions and corporate business environments,
  • IT staff, officer, expert
  • Network administrators
  • System administrators,
  • Security managers and experts,
  • Persons interested in information law,
  • People in public relations and human resources units who want to have sectoral knowledge about the field,
  • Anyone who wants to learn how to take action on Incident Response.


  • Knowledge of Kali Linux is a big advantage.
  • Metasploitable2, to be familiar with Metasploitable3,
  • To have basic knowledge about T-Pot, Modsecurity, Security Onion.

Plan this training institutionally!

This training can be planned in different durations and content specific to your organization. Please contact us for detailed rich content and planning to realize your training objectives.

Get in touch

Additional information






Academy Club