GFCE Cybersecurity Knowledge Modules

KM3 - Cyber diplomacy and international cooperation
Module objectives
1. Risks for international peace and cyber-stability
3 Topics
1.1 Cyber-attacks and geopolitics
1.2 Cyber as part of hybrid warfare
1.3 Cyber-armament
2. Towards an international agreement
4 Topics
2.1. Framework for responsible state behaviour in cyberspace
2.2. Applicability of international law
2.3. Norms, confidence building measures, and capacity building
2.4 Broader context
3. International cooperation
4 Topics
3.1. The United Nations
3.2. Other multilateral forums
3.3. Regional efforts
3.4. Multistakeholder efforts
4. Cyber diplomacy
5. Main takeaways
6. Assignment
1 Quiz
KM3 Quiz
KM4 - Cyber Incident Management
Module objectives
1. Introduction
2. Types of Cyber Incident Response Teams
5 Topics
2.1. National Computer Security Incident Response Team
2.2. Product Security Incident Response Team
2.3. Sector CSIRTs
2.4. Security Operation Centre
2.5. Commercial CSIRT
3. What needs to be considered when establishing a National CSIRT?
2 Topics
3.1. CIRT framework
3.2. How to set up CSIRT and SOC
4. How to assess cyber incident readiness
3 Topics
4.1. Security Incident Management Maturity Model (SIM3)
4.2. Security Operation Centre Capability and Maturity Model (SOC-CMM)
4.3. CSIRT Maturity – Self-assessment Tool
5. Which services do the CSIRTs offer?
2 Topics
5.1. FIRST CSIRT services framework
5.2. ITU-T Recommendation X.1060 service categories
6. Who does the CSIRT serve?
7. Which Tools does a CSIRT need?
8. Policies, frameworks, and guidelines
9. Resourcing and funding a CSIRT
1 Topic
9.1. What does a CSIRT Budget look like?
10. CSIRT capabilities
3 Topics
10.1. Training and certification
10.2. Auditing
10.3. Cyber drills
13. Main takeaways
14. Assignment
1 Quiz
KM4 Quiz
2 of 5
Previous Topic
Next Lesson

10.3. Cyber drills

GFCE Cybersecurity Knowledge Modules 10. CSIRT capabilities 10.3. Cyber drills

The capabilities of a CSIRT are significantly improved through cyber drills through using scenarios to test preparedness, communication, and response capabilities.

Resource: Improving capabilities with cyber drills 

AfricaCERT: AfricaCERT organised its first Cyber Drill: Testing the Waters’’, in 2021. The drill aimed to test the response capability of participating teams facing the following scenarios: phishing, defacement, REM, ransomware investigation. These exercises were designed to put participants into live conditions and tested their communication and technical capabilities. 32 Computer Security Incident Response Teams from 24 countries, including APCERT and OIC-CERT economies teams, participated in the Drill.

APCERT: APCERT organises a cyber drill for APCERT Region and partners. The theme of the 2021 APCERT drill was ’’Supply Chain Attack through Spear-Phishing – Beware of Working from Home’. The exercise reflected real incidents while issues reflected the collaboration amongst the economies in mitigating cyber threats and validated the enhanced communication protocols, technical capabilities, and quality of incident responses that APCERT fosters in assuring Internet security and safety. Twenty-five CSIRTs from nineteen economies of APCERT and two of the OIC-CERT and AfricaCERT participated.

ITU: The ITU organises annual Cyber Drills designed with a dual purpose: as a platform for cooperation, information sharing, and discussions on current cybersecurity issues, as well as to provide hands-on exercise for national Computer Incident Response Teams (CIRTs) / Computer Security Incident Response Teams (CSIRTs).

OAS: The Organization of American States (OAS) and Spanish National Cybersecurity Institute (INCIBE) annually organise the International CyberEx that seeks to strengthen the ability to respond to cyber incidents and improve collaboration and cooperation. International CyberEx 2020 had 80 teams and 320 team members representing 39 countries.

OIC-CERT: The Organization of the Islamic Cooperation – Computer Emergency Response Teams (OIC-CERT) organises an annual Cyber Drill with objectives to:

• Test the communication capabilities of the members’ points of contact.

• Check the processes and procedures in managing contingencies.

• Test the technical competencies of participating teams.

• Simulate cross-border cooperation in mitigating information security incidents.

Capture-The-Flag (CTF): This is a competitive computer security event where participants compete in security-themed challenges for the purpose of obtaining the highest score

Source: Cyber Incident Management in Low-Income Countries – 1: PART 1: A HOLISTIC VIEW ON CSIRT DEVELOPMENT

Previous Topic
Back to Lesson
Next Lesson

New post

Your email address will not be published. Required fields are marked *

Post a comment
Skip to content