The TRANSITS-China training course will be delivered for the first time on 22-23 March 2005 during the 'Computer Network Security and Emergency Response Annual Conference, China2005', which is also the 2nd CNCERT/CC Annual Conference. The location will be the GuanGuang hotel in Guilin Guangxi province of China.
　　This training course is organized by FIRST( www.first.org ) and hosted by CNCERT/CC as the first 'FIRST/TRANSITS security training course' based on TRANSITS materials in the AP region.
　　Two prominent international experts of computer and network security will be presenting this two-day training course. The training course will be lectured in English and the training materials will be described by Chinese and English.
　　The course deals with the operational, organizational and legal aspects of incident response. It is opened to professionals who are either members (or future members) of existing computer security teams, or who will be involved in building such a team within their organization.
Pre-requisites
　　Trainees are typically experienced system, network or IT managers. (Interested persons from other backgrounds are welcome to contact the organizers to discuss the suitability of the course for them.)
They are expected to have an awareness of the security issues involved in connecting computers to the Internet. They must be committed to using their skills to improve the security of computers and networks. For the technical side of the course, familiarity with the normal operation of TCP/IP networks, addresses, port numbers and protocols will be assumed.
Course summary
　　The CSIRT training course aims to develop the knowledge and skills that are needed by staff who are members of a Computer Security Incident Response Team, who will join such a team, or who are involved in creating such a team. The course materials have been supported by the TERENA and it's copyright belongs to TERENA. The course will be a mixture of presentations, exercises and discussion sessions, occupying two full days.
　　The course is designed to help trainees to work together to exchange information and develop their own ideas. To give the best opportunity for interaction, accommodation for all participants will be arranged at the course hotel – informal discussions in the evening are expected to be a valuable part of the training.
Course description
Objectives:
　　1.Understand where CSIRTs fit into the organization
　　2. Understand the tasks and tools that are necessary to perform their function
　　3. Develop and practice the skills that are needed by a CSIRT team member
　　4. Understand the external issues (both legal and technical) that may effect the operation of a CSIRT.
The course consists of five modules. Some of these include exercises that the trainees will complete and discuss, while others will include time for discussion among the whole class. The modules are:
CSIRT Organization
　　Describes how CSIRTs fit into their organizations; planning the CSIRT, defining the constituency of the team and gaining management authority for it, deciding the services the team will offer, working with those outside the organization, staffing the CSIRT, funding. Students will discuss their own organization and how their team fits into it.
Technical Aspects
　　Understanding how intruders attack systems; intruders and their motivations, network protocols and how they can be abused, operating systems and services, types of vulnerability, information gathering, breaking in, hiding traces, denial of service attacks. A number of exercises are used to show how these appear in practice.
CSIRT Operations
　　Describes the facilities, systems and tools needed by CSIRTs to operate successfully: housing the CSIRT, equipment, e-mail, remote access, information and contacts, servers and networks, incident response plans and procedures, tracking systems. As an exercise students will discuss and develop incident response plans for their own teams.
Legal Issues
　　Looks at the areas of legislation that are likely to affect CSIRTs in their work and that team members need to be aware of; origins of computer legislation, problems, data protection, computer misuse, working with law enforcement, monitoring, evidence, European developments.
Working with vulnerabilities
　　Discusses the roles that CSIRTs may decide to play in distributing and producing information about vulnerabilities: why do vulnerabilities exist, what should CSIRTs aim to do, sources of information and how to use them, advisories - distribution, interpretation, investigation and co-ordination.
Time and Venue
　　The course will start on Tuesday 22 March 2005 at 9:00 hour and will finish on Wednesday 23 March 2005 at 18:30 hour. Participants are expected to register at 8:30~9:00 on Tuesday 22 March 2005, when materials will be handed out. And on Tuesday evening 22 March Welcome Party will be offered.
Costs
　　1. The cost of each trainee totals up to 3000 RMB, if you will only attend the training course.
　　The detail (March 22 – 23) includes: two dinners, two lunches and coffee/tea breaks, materials, training, certificate fee. Participants will have to cover your own accommodation and travel costs, but you can enjoy the discount of accommodation costs according to CNCERT/CC 2005 annual conference.
　　2. The cost of each participant totals up to 4000 RMB, if you will attend the training course (March 22 – 23) and CNCERT/CC 2005 annual conference ((March 24– 25).
　　The detail (March 22 – 25) includes: four dinners, four lunches and coffee/tea breaks, materials, training, certificate fee. Participants will have to cover your own accommodation and travel costs, but you can enjoy the discount of accommodation costs according to CNCERT/CC 2005 annual conference.
How to apply
　　 To apply for a place in the first TRANSITS-China training course, please send before 5 February 2005 (Deadline for sending in applications) an e-mail message to CNCERT/CC with the following information:
　　1.Name, postal address (office), phone and fax number, e-mail address.
　　2. A short curriculum vitae (maximum 300 words), including date of birth, education, working experience, technical knowledge. (This information will be used to ensure that the course content is appropriate for the applicant's skills and experience.)
　　3. Name, address and short description (maximum 200 words) of the organization by which the applicant is employed.
　　4. A short description (maximum 400 words) of the CSIRT for which the applicant works or will work, including date of establishment, constituency, legal/organizational structure, staff size, services offered.
　　Because of the limited quota, participants will be selected from applicants by the criteria of professional and technical background and experience of the applicants, and the current and potential contribution of their CSIRT to the overall security of the Internet.
Contact manner: