The role of a CSIRT is to manage the operational response to incidents of every type, both out-of-band and day-to-day. To perform such tasks, a CSIRT needs to be efficient and professional, staffed with experts qualified in the IT security field.
Resource: Video – Cybersecurity Professional Profile
The making of Cybersecurity Professional: Listen in as bikozulu catches up with cyber security guru, Dr. Bright Gameli
A GFCE survey of low-income countries identified training in the following areas as particularly important for improving the functionality of CSIRTs: technical and soft skills, malware analysis, industrial control systems/SCADA, cyber threat monitoring and analysis, oral and written communication, relationship management at international and national levels, coping with stress, and problem solving. The challenges associated with acquiring these skills, namely limited budgets, the lack of competent trainers, and heavy workloads, may be overcome through regional and international collaboration in capacity building.
Good practice: Seek support from others for national CSIRT capacity building
With reference to the GFCE Global Good Practice – National Computer Security Incident Response Teams (CSIRTs), sharing information as well as seeking knowledge and expertise for practical and applicable solutions from global and regional communities is critical for the foundation of a national CSIRT. Capacity can be built through communities such as the Forum of Incident Response and Security Teams (FIRST), AfricaCERT, OIC-CERT and the Meridian process buddy initiative.
To build the critical mass of cybersecurity experts required to protect the Continent, it is proposed that countries consider introducing cyber-related training to children at an early age. Taking advantage of increased access to broadband, this training could be delivered online.
Resource: Digital Transformation Strategy for Africa
An objective of the Digital Transformation Strategy for Africa (2020-2030) is to “offer a massive online e-skills development program to provide basic knowledge and skills in security and privacy in the digital environment to 100 million Africans a year by 2021 and 300 million per year by 2025.”
Based on the classification of services in the FIRST CSIRT Services Framework, the GFCE has developed an N-CSIRT service roadmap that proposes the resource requirements, knowledge, skills, competencies, policies, guidelines, frameworks, tools, and training necessary to manage each service.
Training tailored for CSIRT teams is offered by Udemy, SANS, the National Initiative for Cybersecurity Education (NICE), EC-Council, ISACA, IBM, ENISA, ISC2, eLearnSecurity, Cyber4Dev and CREST, and by global CSIRT collaborations including AfricaCERT, ENISA, CIRCL, the CERT-Tools Community and ICANN.
Reflection point
A self-assessment of the N-CSIRT capability using the above tools and maturity model can help in the identification of resources and training required to improve the services of the team to its constituents.
Based on the existing and planned services of your N-CSIRT, what training does the team require?
Identify the training providers.
Case study: EG-CERT Experience in Capacity Building
The Egyptian national Computer Emergency Readiness Team (EG-CERT), affiliated with the Egyptian National Telecom Regulatory Authority (NTRA), was launched in April 2009. EG-CERT offers both reactive and proactive services to its constituents, who are in the ICT, financial, and government sectors.
EG-CERT employs over 60 professionals (more than 45 of them are full-time cybersecurity professionals). Recognising the need to empower and enhance the skills of those responsible for CIIP in the critical sectors, the NTRA organised and sponsored a pilot national cybersecurity training program between 2009 and 2010. The program trained 220 professionals in 38 organisations within the governmental/public sector, banking sector and education sector, as well as from ICT private sector companies. Outcomes from the program included 179 international certificates from SANS, the creation of awareness, enhanced readiness, and the establishment of a network of trust and an enhanced spirit of cooperation among participating entities and professionals.
The financial sponsorship from the NTRA was an indication of commitment, partnership, and support from the public sector. It inspired other programs and gained the recognition of the International Telecommunication Union (ITU) in the Global Cybersecurity Index, published in 2015 and subsequent years.
EG-CERT participates in national cybersecurity matters, including the development and implementation of the Egyptian National Cybersecurity Strategy, first published in 2017, and in the Egyptian Supreme Cybersecurity Council (ESCC), established in 2014. At the regional and international level, EG-CERT participates in collaboration events including annual international cyber drills: the Asia Pacific (APCERT) annual cyber drill, the Organization of Islamic Countries (OIC-CERT) annual cyber drills and the ITU Arab region cyber drill. EG-CERT is a member of the International Forum of Incident Response and Security Teams (FIRST), and a founding member of the Organization of Islamic Countries CERT (OIC-CERT) and AfricaCERT.
Source: Cyber Incident Management in Low-Income Countries – 1: PART 1: A HOLISTIC VIEW ON CSIRT DEVELOPMENT