Skills & Competency for CSIRT

respond to incidents perform analysis tasks communicate effectively with your constituency

competent problem solvers must easily adapt to change must be effective in their daily activities

mission and goals (of the CSIRT)

nature and range of services offered available staff expertise constituency size and technology base anticipated incident load

severity or complexity of incident reports

funding

Personal Skills

Technical Skill

Personal Skills

Communication

Presentation Skill

Diplomacy

Compliance
Ability to follow Policies and Procedures

Team Skills

Integrity

Knowing One's Limits

Coping with Stress

Problem Solving

Time Management

Technical Skills

Technical Foundation

Security Principles

Security Vulnerabilities/Weaknesses

The Internet

The Risks

Network Protocols

Network Applications and Services

Network Security Issues

Host/System Security Issues

Malicious Code
(Viruses, Worms, Trojan Horse programs)

Incident Handling

Local Team Policies and Procedures

Understanding/Identifying Intruder Techniques

Communicating with Sites

Incident Analysis

Maintenance of Incident Records

Technical Skills

Personal Skills

Communication
Presentation Skill Diplomacy Compliance Team Skill Integrity Know the limits Coping with Stress Problem Solving Time Management

Technical Foundation
Security Principles Security Vulnerabilities/Weaknesses The Internet Risks Network Protocols Network Applications and Services Network Security Issues Host/System Security Issues Malicious Code (Viruses, Worms, Trojan Horse programs) Programming Skills

Incident Handling
Local Team Policies and Procedures Understanding/Identifying Intruder Techniques Communicating with Sites Incident Analysis Maintenance of Incident Records

IT Security Roadmap

Role-based Specialist IT Fundamentals IT Security Fundamentals

Network Administrator IT Security Specialist IT Security Manager

0 1 Years Experience

1 2 Years Experience

> 3 Years Experience

Function vs Certification
Career Level
IT Executive

Required Skills
Security Design and Compliance Skills
Vendor Specific

Certifications

IT Manager

Specialized Security Skills

Vendor Neutral

IT Admin

Network Security Skills

IT Worker Basic Security Concept Foundation Security Knowledge

Information Worker

Information Security Certification

ORGANIZATION CompTIA EC-Council GIAC ISACA (ISC)2 ISECOM Offensive Security Mile2 CREST IACRB eLearnSecurity Security Certified Brainbench CIW CWNP Cisco Systems Symantec CheckPoint Microsoft CERTIFICATION Security+ CEH, CHFI, ECSA, ECSP, ENSA, LPT GSIF, GSEC, GCIA, GCFW, GCFA, GCIH, GPEN, GCUX, GCWN, GWAPT, GAWN, GREM, GSE CISA, CISM, CGEIT, CRISC CAP, CISSP, CSSLP, ISSAP, ISSEP, ISSMP, SSCP OPST, OPSA, OPSE, OWSE OSCP, OSCE CPTE, CPT Consultant CREST Consultant CPT, CEPT eCPPT SCNS, SCNP, SCNA BITSF, BISA CWSA, CWSS, CWSP CWTS, CWNA, CWSP CCNA Security, CCSP, CCIE Security SCS CCSA, CCSE, CCMSE, CCSEPE, CCMA MCSA Security

DoD Information Assurance (IA) Workforce Strategy

Certify the Workforce Manage the Workforce Sustain the Workforce Extend the Discipline
Improved IA posture Increased confidence that personnel performing IA functions are capable of doing the job Mechanism in place to raise the bar on IA skills

Ability to place trained/capable personnel in IA jobs Ability to define standard IA personnel requirements

Personnel enabled to hone IA skills, keep up with latest technology, threats and vulnerabilities

Local commanders understand impact of IA on mission accomplishment Standard allies and coalition partners can emulate IA for other workforces (acquisition, legal, audit etc.)

Didik Partono Rudiarto Tim Ahli ID-SIRTII