Creating a Cyber Battle Team

Creating a Computer Security Incident Response Team (CSIRT)

This course is designed for managers and project leaders who have been tasked with creating your Cyber Battle Team which in technical terms is a Computer Security Incident Response Team (CSIRT). This course provides a high-level overview of the key issues and decisions that must be addressed in establishing a Cyber Battle Team. As part of the course, your staff will develop an action plan that can be used as a starting point in planning and implementing your Cyber Battle Team. They will know what types of resources and infrastructure needed to support a team. Additionally, attendees will identify policies and procedures that should be established and implemented when creating a CSIRT. 

Who should do this course?

  • Current and prospective CSIRT managers; C-level managers such as CIOs, CSOs, CROs; and project leaders interested in establishing or starting a Cyber Battle Team

  • Other staff who interact with CSIRTs and would like to gain a deeper understanding of how CSIRTs operate. For example, CSIRT constituents; higher-level management; media relations, legal counsel, law enforcement, human resources, audit, or risk management staff.

What your staff will learn?

Your staff will learn to:

  • Understand the requirements for establishing an effective Cyber Battle Team (CSIRT)

  • Strategically plan the development and implementation of a new Cyber Battle Team 

  • Highlight issues associated with assembling a responsive, effective team of computer security professionals

  • Identify policies and procedures that should be established and implemented

  • Understand various organisational models for a new Cyber Battle Team

  • Understand the variety and level of services that can be provided by a Cyber Battle Team


  • Incident management and the relationship to CSIRTs

  • Prerequisites to planning a CSIRT

  • Creating a CSIRT vision

  • CSIRT mission, objectives, and level of authority

  • CSIRT organizational issues and models

  • Range and levels of provided services

  • Funding issues

  • Hiring and training initial CSIRT staff

  • Implementing CSIRT policies and procedures

  • Requirements for a CSIRT infrastructure

  • Implementation and operational issues and strategies

  • Collaboration and communication issues

©2020 by Cyber365