Resources for Creating a CSIRT
These resources help you to get started when creating a new CSIRT.
To establish a computer security incident response team (CSIRT), you should understand what type of CSIRT is needed, the type of services that should be offered, the size of the CSIRT and where it should be located in the organization, how much it will cost to implement and support the CSIRT team, and the initial steps necessary to create the CSIRT. The resources on this page will help you answer these and other questions.
This white paper discusses the issues and decisions organizations should address when planning, implementing, and building a CSIRT.
In this paper, the authors summarize actions to take and topics to address when planning and implementing a Computer Security Incident Response Team (CSIRT).
In this report, the authors present a prototype best practice model for performing incident management processes and functions.
In this paper, Georgia Killcrece provides a high-level description of a National Computer Security Incident Response Team (NatCSIRT), its problems, and challenges.
Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability
In this report, the authors provide insight that interested organizations and governments can use to develop a national incident management capability.
Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability, Version 2.0
In this 2011 report, an update to its 2010 counterpart, the authors provide insight that interested organizations and governments can use to develop a national incident management capability.
This FAQ addresses CSIRTS, organizations responsible for receiving, reviewing, and responding to computer security incident reports and activity.
In this paper, the authors define computer security incident response team (CSIRT) services.
This white paper describes a set of skills that CSIRT staff members should have to provide basic incident-handling services.
In this paper, the authors present an attempt to gain a better understanding of how a CSIRT can handle a growing work load with limited resources.
This 2003 report describes different organizational models for implementing incident handling capabilities, including each model's advantages and disadvantages and the kinds of incident management services that best fit with it.
In this paper, the author describes incident management capability and what it implies for controlling security events and incidents.
This article lists resources that developers, architects, and security practitioners can use to build security into software during its development.
This case study describes the experiences of the Columbia CSIRT in getting its organization up and running.
FAQ: Collaboration Between the CERT Coordination Center and Computer Security Incident Response Teams Worldwide
This FAQ answers questions related to the collaboration between the CERT/CC and CSIRTs worldwide.
This case study describes the experiences of the Tunisia CSIRT in getting its organization up and running.
This case study describes the experiences of a financial institution CSIRT in getting its organization up and running.
This procedure describes the steps that incident response teams must take to apply for using the CERT mark in their name.