top of page

Managing a Cyber Battle Team

Managing a Computer Security Incident Response Team (CSIRT)

This course provides current and future managers of Cyber Battle Teams or, in technical terms, Computer Security Incident Response Teams (CSIRTs) with a pragmatic view of the issues they will face in operating an effective team. 

The course provides insight into the work that the Cyber Battle Team staff may be expected to handle. The course also provides you with an overview of the incident handling process and the types of tools and infrastructure you need to be effective. Technical issues are discussed from a management perspective. Students will gain experience with the kind of decisions they might face regularly. 

Before attending this course, you are encouraged to complete the course, Creating a Cyber Security Incident Response Team

NOTE: This course accrues points towards a Masters in Cyber Security from the Software Engineers Institute



Who should do this course?

  • Managers who need to Manage a Cyber Battle Team (CSIRT)

  • Managers who have responsibility or must work with those who do have responsibility for computer security incidents and management activities

  • Managers who have experience in incident handling and want to learn more about operating effective Cyber Battle Teams

  • Other staff who interact with CSIRTs would like to gain a deeper understanding of how CSIRTs operate. 


This course will help your staff to

  • Recognise the importance of establishing well-defined policies and procedures for incident management processes.

  • Identify policies and procedures that should be established and implemented for a CSIRT.

  • Understand incident management activities, including the types of activities and interactions that a CSIRT may perform.

  • Learn about various processes involved in detecting, analysing, and responding to computer security events and incidents.

  • Identify critical components needed for protecting and sustaining CSIRT operations.

  • Manage a responsive, effective team of computer security professionals.

  • Evaluate CSIRT operations and identify performance gaps, risks, and needed improvements.


  • Incident management process

  • Hiring and mentoring CSIRT staff

  • Developing CSIRT policies and procedures

  • Requirements for developing CSIRT services

  • Handling media issues

  • Building and managing the CSIRT infrastructure

  • Coordinating response

  • Handling major events

  • Working with law enforcement

  • Evaluating CSIRT operations

  • Incident management capability metrics

bottom of page