GFCE Cybersecurity Knowledge Modules

KM3 - Cyber diplomacy and international cooperation
Module objectives
1. Risks for international peace and cyber-stability
3 Topics
1.1 Cyber-attacks and geopolitics
1.2 Cyber as part of hybrid warfare
1.3 Cyber-armament
2. Towards an international agreement
4 Topics
2.1. Framework for responsible state behaviour in cyberspace
2.2. Applicability of international law
2.3. Norms, confidence building measures, and capacity building
2.4 Broader context
3. International cooperation
4 Topics
3.1. The United Nations
3.2. Other multilateral forums
3.3. Regional efforts
3.4. Multistakeholder efforts
4. Cyber diplomacy
5. Main takeaways
6. Assignment
1 Quiz
KM3 Quiz
KM4 - Cyber Incident Management
Module objectives
1. Introduction
2. Types of Cyber Incident Response Teams
5 Topics
2.1. National Computer Security Incident Response Team
2.2. Product Security Incident Response Team
2.3. Sector CSIRTs
2.4. Security Operation Centre
2.5. Commercial CSIRT
3. What needs to be considered when establishing a National CSIRT?
2 Topics
3.1. CIRT framework
3.2. How to set up CSIRT and SOC
4. How to assess cyber incident readiness
3 Topics
4.1. Security Incident Management Maturity Model (SIM3)
4.2. Security Operation Centre Capability and Maturity Model (SOC-CMM)
4.3. CSIRT Maturity – Self-assessment Tool
5. Which services do the CSIRTs offer?
2 Topics
5.1. FIRST CSIRT services framework
5.2. ITU-T Recommendation X.1060 service categories
6. Who does the CSIRT serve?
7. Which Tools does a CSIRT need?
8. Policies, frameworks, and guidelines
9. Resourcing and funding a CSIRT
1 Topic
9.1. What does a CSIRT Budget look like?
10. CSIRT capabilities
3 Topics
10.1. Training and certification
10.2. Auditing
10.3. Cyber drills
13. Main takeaways
14. Assignment
1 Quiz
KM4 Quiz
2 of 5
Previous Lesson
Next Topic

10.1. Training and certification

GFCE Cybersecurity Knowledge Modules 10. CSIRT capabilities 10.1. Training and certification

The role of a CSIRT is to manage the operational response to incidents, regardless of the type of incident, both out-of-band and day-to-day incidents. To perform such tasks, a CSIRT needs to be efficient and professional, with experts qualified in the IT security field.

Resource: Video – Cybersecurity Professional Profile

The making of Cybersecurity Professional: Listen in as bikozulu catches up with cyber security guru, Dr. Bright Gameli

Training in technical and soft skills,  malware analysis, industrial control systems/SCADA, cyber threat monitoring and analysis, oral/written communication, relationship management at international and national levels, coping with stress and problem solving, were, in particular, identified as important in improving the functionality of the CSIRTs in GFCE survey of low income countries.  The challenges associated with the acquisition of these skills which are limited budgets, the lack of competent trainers, and heavy workloads may be overcome through regional and international collaboration in capacity building.

Good practice: Seek support from others for national CSIRT capacity building

Reference to the GFCE Global Good Practice – National Computer Security Incident Response Teams (CSIRTs) sharing information as well as seeking knowledge and expertise for practical and applicable solutions from global and regional communities is critical for the foundation of a national CSIRT. Capacity building through communities such as Forum for Incident Response Teams (FIRST), AfriCERT, OIC-CERT, Meridian process buddy initiative.

To build the critical mass of cybersecurity experts required to protect the Continent, it is proposed that countries consider introducing cyber-related training to children at an early age.  Taking advantage of increased access to broadband, this training could be delivered online. 

Resource: Digital Transformation Strategy for Africa

An objective of the Digital Transformation Strategy for Africa (2020-2030) is to  “offer a massive online e-skills development program to provide basic knowledge and skills in security and privacy in the digital environment to 100 million Africans a year by 2021 and 300million per year by 2025.’’

Based on the classification of services in the FIRST CSIRT Services Framework, the GFCE has developed an N-CSIRT service roadmap that proposes the resources requirements, knowledge, skills, competencies, policies, guidelines, frameworks, tools, and training necessary to manage each service.

Training tailored for CSIRT teams is offered by Udemy, SANS National Initiative for Cybersecurity Education (NICE), EC Council, ISACA, IBM, ENISA, ISC2, eLearningSecurity, Cyber4Dev, CREST and global CSIRT collaborations including AfricaCERT, ENISA, CIRCL, CERT-Tools Community, ICANN.

Reflection point

A self-assessment of the N-CSIRT capability using the above tools and maturity model can help in the identification of resources and training required to improve the services of the team to its constituents.

Based on the existing and planned services of your N-CSIRT what training does the team require? 

Identify the training providers.

Case study: EG-CERT Experience in Capacity Building

Egyptian national Computer Emergency Readiness Team (EG-CERT), affiliated with the Egyptian National Telecom Regulatory Authority (NTRA) was launched in April 2009. EG-CERT offers both reactive and proactive services to its constituents who are in the ICT, financial, and government sectors.

The EG-CERT employs over 60 professionals (more than 45 of them are full-time cybersecurity professionals). Recognising the need to empower and enhance the skills of those responsible for CIIP in the critical sectors, the NTRA   organised and sponsored a pilot national cybersecurity training program between 2009–2010. The program trained 220 professionals in 38 organisations within the governmental/public sector, banking sector, education sector, as well as from ICT private sector companies.  Outcomes from the program included 179 international certificates from SANS and the creation of awareness, enhanced readiness, and the establishment of a network of trust and enhanced cooperation spirit among participating entities and professionals. 

The financial sponsorship from the NTRA was an indication of commitment, partnership, and support from the public sector, and inspired other programs and gained the recognition of the International Telecommunications Union (ITU) in the Global Cybersecurity Index, published in 2015 and subsequent years. 

EG-CERT participates in national cybersecurity matters including the development and implementation of the Egyptian National Cybersecurity Strategy, first published in 2017 and in the Egyptian Supreme Cybersecurity Council (ESCC) established in 2014. At the regional and international level, EG-CERT participates in collaboration events including annual international cyber drills with the Asia Pacific – APCERT annual cyber drill, Organization of Islamic Countries – OIC-CERT annual cyber drills and the ITU Arab region cyber drill. EG-CERT is a member of the International Forum of Incident Response and Security Teams (FIRST), and a founding member of the Organization of Islamic Countries CERT (OIC-CERT) and AfricaCERT.

Source: Cyber Incident Management in Low-Income Countries – 1: PART 1: A HOLISTIC VIEW ON CSIRT DEVELOPMENT

Previous Lesson
Back to Lesson
Next Topic

New post

Your email address will not be published. Required fields are marked *

Post a comment
Skip to content