November 24 – 25: Forum of Incident Response and Security Teams – Transits I training
————————————————————————————————————————–

Course Summary

The CSIRT training course aims to develop the knowledge and skills that are needed by staff who are members of a Computer Security Incident Response Team, who will join such a team, or who are involved in creating such a team.

Pre-requisites
Trainees are typically experienced system, network or IT managers. (Interested persons from other backgrounds are welcome to contact the organizers to discuss the suitability of the course for them). They are expected to have an awareness of the security issues involved in connecting computers to the Internet. They must be committed to using their skills to improve the security of computers and networks. For the technical side of the course, familiarity with the normal operation of TCP/IP networks, addresses, port numbers and protocols will be assumed.
The following modules are covered:

CSIRT Organization
Describes how CSIRTs fit into their organizations: planning the CSIRT, defining the constituency of the team and gaining management authority for it, deciding the services the team will offer, working with those outside the organization, staffing the CSIRT, funding. Students will discuss their own organization and how their team fits into it.

Technical Introduction
A basic introduction to the main attack vectors that malicious parties use to attack systems: intruders and their motivations, botnets, network protocols and how they can be abused, operating systems and services, types of vulnerability, information gathering, breaking in, hiding traces, denial-of-service attacks.

CSIRT Operations
Describes the facilities, systems and tools needed by CSIRTs to operate successfully: housing the CSIRT, equipment, e-mail, remote access, information and contacts, servers and networks, incident response plans and procedures, tracking systems. As an exercise students will discuss and develop incident response plans for their own teams.

Legal Issues
A high level overview of the areas of legislation that are likely to affect CSIRTs in their work and that team members need to be aware of: origins of computer legislation, problems, data protection, computer misuse, working with law enforcement, monitoring, evidence.

How to Apply:

In order for your application to be processed efficiently, we request that you send your application to project(at)africacert.org with:
– in the subject : africacert V – Forum of Incident Response and Security Teams Training.
– providing the information specified below:

*** Full Name, address and short description (maximum 200 words) of the organization by which the applicant is employed.

Note: It is very important that you provide us with your personal institutional email address and not a generic one or an online service.
This is to ensure good communications and to verify the validity of the application.

*** Name, job title, postal address, phone and fax number and e-mail address of the person at management level within this organization who supports the application and can provide more information about the applicant.

*** Team Information (if team in operation); contact information and Charter according to RFC 2350 – (http://www.ietf.org/rfc/rfc2350.txt)

NOTE:
Applications will be accepted on a FIRST-COME-FIRST-SERVED basis.

Selection criteria will include the education and experience of the applicants, the contribution that they will be able to make to the overall security of the Internet. The workshop organizers may ask advice on the applications from the managers of the applicants and from appropriate members of the African Internet community.

November 26 – APday: Training with JPCERT and KrCERT
——————————————————————————
This is one day training course on Network Monitoring and Traffic Analysis (Advanced)

CSIRT training for technical staff: advanced network monitoring

Description

This is a one day workshop focusing on Network Monitoring and Traffic Analysisy.

Course

Network Monitoring and Traffic Analysis (Advanced)

Abstract

Network monitoring is one of the ways to understand what is happening within the network. This session will cover the basic knowledge of network monitoring and issues that we should know (Ex: legal issues, privacy issues, encryption, covert channel, etc.). This training course provide participants hands-on experience on analyzing traffic generated by malware, botnet and other malicious tools.

November 27 – AfricaCERT Cybersecurity Day. (Hosted by CICERT)