Advanced Search

Content Type

Topics

Publication Date

Handbook for Computer Security Incident Response Teams (CSIRTs)

Abstract

This document provides guidance on forming and operating a computer security incident response team (CSIRT). In particular, it helps an organization to define and document the nature and scope of a computer security incident handling service, which is the core service of a CSIRT. The document explains the functions that make up the service; how those functions interrelate; and the tools, procedures, and roles necessary to implement the service. 

This document also describes how CSIRTs interact with other organizations and how to handle sensitive information. In addition, operational and technical issues are covered, such as equipment, security, and staffing considerations. This document is intended to provide a valuable resource to both newly forming teams and existing teams whose services, policies, and procedures are not clearly defined or documented. The primary audience for this document is managers who are responsible for the creation or operation of a CSIRT or an incident handling service. It can also be used as a reference for all CSIRT staff, higher level managers, and others who interact with a CSIRT.

Cite This Report

Show Citation Formats

SEI

West Brown, Moira; Stikvoort, Don; Kossakowski, Klaus-Peter; Killcrece, Georgia; Ruefle, Robin; & Zajicek, Mark. Handbook for Computer Security Incident Response Teams (CSIRTs) (CMU/SEI-2003-HB-002 ). Software Engineering Institute, Carnegie Mellon University, 2003. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=6305

IEEE

West Brown. Moira, Stikvoort. Don, Kossakowski. Klaus-Peter, Killcrece. Georgia, Ruefle. Robin, and Zajicek. Mark, "Handbook for Computer Security Incident Response Teams (CSIRTs)," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Handbook CMU/SEI-2003-HB-002 , 2003. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=6305

APA

West Brown, Moira., Stikvoort, Don., Kossakowski, Klaus-Peter., Killcrece, Georgia., Ruefle, Robin., & Zajicek, Mark. (2003). Handbook for Computer Security Incident Response Teams (CSIRTs) (CMU/SEI-2003-HB-002 ). Retrieved November 29, 2014, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=6305

CHI

Moira West Brown, Don Stikvoort, Klaus-Peter Kossakowski, Georgia Killcrece, Robin Ruefle, & Mark Zajicek. Handbook for Computer Security Incident Response Teams (CSIRTs) (CMU/SEI-2003-HB-002 ). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2003. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=6305

MLA

West Brown, Moira., Stikvoort, Don., Kossakowski, Klaus-Peter., Killcrece, Georgia., Ruefle, Robin., & Zajicek, Mark. 2003. Handbook for Computer Security Incident Response Teams (CSIRTs) (Technical Report CMU/SEI-2003-HB-002 ). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=6305