Information and communication technologies (ICTs) are growing in importance day by day and have become a priority that must be emphasized in both the private and the public sector.
As information and communication technology becomes increasingly widespread, the network environment has become vast.
The widespread use of these technologies has brought harmful environments along with its benefits, and these environments put very important concepts such as cyber risk and threat on our agenda. These threats have a negative impact on the reputation and credibility of all public sector users of ICTs, especially sectors with critical infrastructure (energy, finance, transportation, communications, etc.). They can have devastating private and public consequences, such as the compromise of confidential information or the unavailability of critical services.
Therefore, public institutions and private sector companies should take all necessary security measures. According to the relevant legislation, these measures are mandatory.
In this context, the National Cyber Incident Response Center (USOM, TR-CERT) was established within the Information and Communication Technologies Authority to identify threats to cyber security that may occur in the cyber environment and to develop and share measures that reduce or eliminate the effects of possible attacks and incidents.
Under the National Cyber Incident Response Center there are teams known as SOME for short. SOME stands for Cyber Incident Response Teams. SOMEs operate at the sector and organization level.
SOME comprises two teams, namely Corporate SOME and Sectoral SOME.
– Corporate SOME: It coordinates with ministries, individual public institutions and other public institutions with information processing.
– Sectoral SOME: It coordinates with the sectors of energy, cyber security, technology, banking and finance, transportation, critical public services, water management and electronic communications. Establishment of a Sectoral SOME is mandatory in critical sectors.
SOMEs provide the necessary technical consultancy and assistance before cyber incidents and warn the institution or organization if necessary.
They also provide support during and after a cyber incident.
SOME, defined as the Cyber Incident Response Team, is in charge of:
– Taking necessary precautions against cyber-attacks that may be made directly or indirectly against an organization,
– Having knowledge about current attack threats and their processes,
– Ensuring the information security of organizations,
– Setting up event recording systems against extraordinary situations that may affect the systems.
Corporate SOME Training aims to provide the basic competencies necessary for Corporate SOME personnel to perform systematic record analysis and management, to identify important security vulnerabilities in the organization’s information systems and to coordinate cyber incident response.
- To have basic knowledge in the field of cyber security,
- To gain action skills related to some categories of vulnerability notifications sent by USOM,
- To have basic network knowledge,
- To have knowledge about basic web application vulnerabilities,
- To have basic knowledge of end-user and server security,
- To learn social engineering and protection methods,
- Anomaly detection from access trace records,
- To have detailed knowledge about basic incident response processes,
- Basic malware analysis
- Module 1 – Introduction to Incident Response and Processing
Computer security incident definitions
Discussions on the importance of data classification
Debates on the struggle for knowledge
Basic concepts of information security
Descriptions of various vulnerabilities, threats and attacks on information systems
Discuss computer security incidents with examples
Descriptions of different categories of events
Definitions of incident response, incident management and forensic informatics
- Module 2 – Risk Assessment
Risk policy disclosures
Forms of risk policy management
Different steps for assessing and mitigating risks in the workplace outlined
Risk analysis definitions
Different risk mitigation strategies
Explanations of the importance of cost/benefit analysis in the risk assessment process
Risk mitigation methods
Residual risk discussions
Risk assessment tools
- Module 3 – Incident Response and Processing Steps
Explanation of requirements for incident response
Incident response processes
Incident response components descriptions
Explanation of incident response method
Explanation of various events and processing stages
Incident response plan definitions
Incident response plan steps outlined
Discussions on the importance of training and awareness raising for incident response and handling
Developing safety awareness and training lists
Incident response policy statements
Incident management and incident management objective discussions
Explanations about incident response team structure, personnel, team dependencies and team services
Defining the relationship between incident response, incident management and incident management
Discussions on best incident response practices
- Module 4 – SOME-CSIRT (Computer Security Incident Response Team)
Discussions on the need for incident response teams
CSIRT statements of objectives and strategies
CSIRT vision and mission statements
Explanations of CSIRT selection
Description of CSIRT’s place in the organization
Explanations of the relationship with the CSIRT environment
Descriptions of species around CSIRT
The best exercise descriptions for creating a CSIRT
CSIRT role description
Incident response team role definition
Different definitions of CSIRT services
Description of CSIRT policies and procedures
Explanation of CSIRT functioning in an incident
- Module 5 – Network Security Incident Handling Process
Defining DoS and DDoS attacks
Descriptions of event processing readiness for DoS attacks
Unauthorized access event types descriptions
Descriptions of the various stages of preparation of operational events for an unauthorized access incident
Descriptions of different incidents of inappropriate use
Descriptions of incident handling steps for misuse incidents
Multi-component event discussions
Descriptions of steps to prepare event processing for multi-component events
Network event simulation with example tools
- Module 6 – Malware Incident Handling Process
Explanations about viruses, worms, Trojans and spyware
Event handling preparation descriptions for malicious code events
Discussions on prevention, detection and analysis of malicious code incidents
Containment strategy descriptions for malicious code events
Evidence method descriptions of malicious code event collection and migration
Eradication method and recovery from malicious code events definitions
Descriptions of various measures for malicious code events
- Module 7 – Internal Threat Process and Assessment Phase
Internal threat definitions
Anatomy of internal attack descriptions
Different technical descriptions for internal threat detection
Descriptions of internal threat responses
Inside incident response plan descriptions
Developing guidelines for internal threat prevention
Demonstration of various monitoring tools running
- Module 8 – Forensic Analysis and Incident Response
Forensic informatics debates
Explanation of the objectives of forensic analysis
Forensic analysis role discussions in the face of the incident
Explanations of forensic informatics types
Discussions about forensic researchers and other people
Forensic informatics processes definitions
Forensic informatics policy statements
Discussions on forensics in the information system life cycle
Forensic analysis tool demonstrations such as Helix and Sysinternals tools
- Module 9 – Security Breach Incident Reporting
Event reporting definitions
Designing the detail to be reported
Develop report formats
Discussions on disclosure issues
Descriptions of workplace incident reporting
Discussions on federal agency event categories
Develop incident reporting rules
- Module 10 – Case Resolution Process
Event analysis definitions
Explanations of the principles of event analysis
Identification of different case resolution steps
Discussions on contingency planning / continuity of operations
Business continuity planning and business impact analysis discussions
Defining an incident resolution plan
Discussions about the incident recovery planning team
Incident recovery test definitions
- Module 11 – Security Policy and Laws
Security policy definition
Explanation of the foundations of security policy
Defining the security policy objective
Explanation of security policy objectives
Security policy features descriptions
Discussions on the implementation of security policies
Explanations of access control policies and their importance
Gaps in managerial security policy, asset control policy, audit trail policy, access policy, certification policy, evidence collection policy, information security policy, National Information Security Certification and Accreditation Process (NIACAP) descriptions
Developing physical security guidance
Discussions on personnel safety policies and guidance
Explanations of incident management laws
Legal processes in the event of an incident
- Everyone working in SOME teams.
- Information security experts working in public institutions and corporate business environments,
- IT staff, officer, expert
- Network administrators
- System administrators,
- Security managers and experts,
- Persons interested in information law,
- People in public relations and human resources units who want to have sectoral knowledge about the field,
- Anyone who wants to learn how to take action on Incident Response.
- Knowledge of Kali Linux is a big advantage.
- To be familiar with Metasploitable2 and Metasploitable3,
- To have basic knowledge about T-Pot, ModSecurity, Security Onion.
Plan this training institutionally!
This training can be planned in different durations and content specific to your organization. Please contact us for detailed rich content and planning to realize your training objectives.