Exercise 2
Welcome!
Exercise 2: Incident Handling Procedure Testing
| Main Objective | In this exercise participants will have the opportunity to learn the most important information about incident handling. It will give them an idea on how to organise this process in their teams in the most efficient way. | |
|---|---|---|
| Targeted Audience | This exercise is especially aimed at novice CERT members. It can also be delivered to more experienced members to provide them with an opportunity to review their existing procedures and learn new methods of incident handling which will enable them to organise their work in a more efficient way. | |
| Total Duration | 3 hours, 10 minutes | |
| Time Schedule | Introduction to the exercise | 30 min. |
| Task 1: Developing incident handling procedures | 60 min | |
| Task 2: Resolving critical problems in incident handling | 70 min. | |
| Summary of the exercise and evaluation | 30 min. | |
| Frequency | It is most important that this exercise be conducted with new CSIRT members or even with candidates. It could also be conducted periodically, to give more experienced team members the opportunity to evaluate and improve their existing procedures. | |
General Description
The purpose of this exercise is:
- To familiarise participants with the basic set of activities relating to incident handling (IH) processes;
- To teach a correct sequence of activities during the IH process;
- To point out and provide knowledge about the most important parts of the IH procedure which critically influence the success of the process;
- To familiarise participants familiar all possible players in the IH process; and
To provide participants with basic knowledge about the most effective methods of cooperation between CSIRT and key incident handling players.
Download Exercise 2 Toolset - 118 kB
