Description
In this presentation we will share our experience in training security
personnel who provide operational security for different types of large
distributed infrastructures.
Depending on the target audience and the topics to be addressed, the trainings
were developed in two categories: technical hands-on training and table-top
exercises.
The first category requires either a dedicated technical training
infrastructure or use of the existing infrastructure, which poses extra
challenges for the trainers. The focus here is on developing technical skills,
ideally also covering the higher-level aspects of incident response
communication and incident response coordination. The latter aspect is of
particular interest in distributed infrastructures and is usually not covered in
existing similar training activities.
Table-top exercises, as developed by us, focus instead on the higher-level
security posture of the whole organisation. Based on the existing policies and
procedures, escalations to press and legal can also be addressed, making active
involvement of the management possible and desirable. This usually only happens
when IT security incidents have a high impact on the organisation itself;
experience with this situation is usually not available, and the needed
communication channels either do not yet exist (for example, those involving an
external security provider) or are not regularly used.
Still, a "tested" procedure for these cases is extremely important, since any
delay here can easily become very costly.
Here we present our experience developing and running security exercises in
both of the above-mentioned categories. These exercises are also part of the
Thematic CERN School of Computing (security) and led to the security training
organised here at ISGC-2026.