...
The training will/should provide an overview about available monitoring and logging tools, central system logging and techniques used to analyse those combined loggings. Only centralized logging helps to combine system and network activities and get a comprehensive look on the overall attack.
ForensicsForensics
Forensic scientists collect, preserve, and analyze scientific evidence during the course of an investigation. Forensics includes but is not limited to system and user behaviour, file system content, communication patterns etc. There are a lot of techniques and tools out there, which can help to investigate on an suspicious activity within the system. The trainings should help system and network admins to doing their day to day business with the safeness on board to being wapponed against threads coming from the outside world.
Incident Incident response and analysis
Any outward facing service provides a potential attack surface. Incidents should be expected by users, administrators and response teams. Proper response and analysis is critical to reduce continued risk. All levels of an E-Infrastructure should know exactly how to handle an incident. This starts with what to do with the service in question to preserve important forensic information, who to contact in event of a breach or attack, how to limit unfavorable consequences, and how to notify the community of the incident. This will also include contacting collaborating E-Infrastructures to be sure they are not also affected by the breach or attack.
...