Creating a Cyber Security Incident Response Team

Create your Battle Team 

This course is designed for managers and project leaders who have been tasked with creating your Cyber Battle Team, which in technical terms is a Computer Security Incident Response Team (CSIRT). This course provides a high-level overview of the key issues and decisions that must be addressed in establishing a Cyber Battle Team. As part of the course, your staff will develop an action plan that can be used as a starting point in planning and implementing your Cyber Battle Team. They will know what types of resources and infrastructure needed to support a team. Additionally, attendees will identify policies and procedures that should be established and implemented when creating a CSIRT. 

NOTE: This course accrues points towards a Masters in Cyber Security from the Software Engineers Institute


1 (1).png

Who should do this course?

  • Current and prospective CSIRT managers; C-level managers such as CIOs, CSOs, CROs; and project leaders interested in establishing or starting a Cyber Battle Team.

  • Other staff who interact with CSIRTs and would like to gain a deeper understanding of how CSIRTs operate. For example, CSIRT constituents; higher-level management; media relations, legal counsel, law enforcement, human resources, audit, or risk management staff.


  • Incident management and the relationship to CSIRTs

  • Prerequisites to planning a CSIRT

  • Creating a CSIRT vision

  • CSIRT mission, objectives, and level of authority

  • CSIRT organizational issues and models

  • Range and levels of provided services

  • Funding issues

  • Hiring and training initial CSIRT staff

  • Implementing CSIRT policies and procedures

  • Requirements for a CSIRT infrastructure

  • Implementation and operational issues and strategies

  • Collaboration and communication issues

What your staff will learn?

Your staff will learn to:

  • Understand the requirements for establishing an effective Cyber Battle Team (CSIRT)

  • Strategically plan the development and implementation of a new Cyber Battle Team. 

  • Highlight issues associated with assembling a responsive, effective team of computer security professionals

  • Identify policies and procedures that should be established and implemented.

  • Understand various organisational models for a new Cyber Battle Team

  • Understand the variety and level of services that a Cyber Battle Team can provide