Operating and Staffing a CSIRT
This collection provides resources useful to the operation and technical issues that CSIRTs must deal with.
The resources on this page address practical operational and technical issues that every CSIRT must consider. Below are the resources we provide. Here are a few that are available from other organizations as well:
Site Security Handbook (RFC 2196) – Internet Engineering Task Force/Network Working Group memo
This handbook offers information about developing computer security policies and procedures for sites that have systems on the internet.
The SANS Security Policy Project – SANS website
These resources provide information about the rapid development and implementation of information security policies.
The Role of Computer Security Incident Response Teams in the Software Development Life Cycle – Build Security In website
This BSI document discusses the role a CSIRT can play in the Systems Development Life Cycle (SDLC).
Incident Response Career Trends – GovInfoSecurity article
This document provides information about the skills needed today in incident response and describes how professionals can attain or refine those skills.
December 19, 2018 • Technical Report
By Audrey J. Dorofee, Robin Ruefle, Mark Zajicek, David McIntire, Samuel J. Perl, Christopher J. Alberts, Carly L. Huth, Pennie Walters
Managing incidents that threaten an organization's computer security is complex. The capabilities presented here provide a benchmark of incident management practices.read
May 30, 2014 • Technical Note
The Mission Risk Diagnostic for Incident Management Capabilities revises the Incident Management Mission Diagnostic Method with updated and expanded drivers.read
FAQ: Collaboration Between the CERT Coordination Center and Computer Security Incident Response Teams Worldwide
June 19, 2008 • Brochure
This FAQ answers questions related to the collaboration between the CERT/CC and CSIRTs worldwide.read
October 1, 2003 • Technical Report
In this 2003 report, the authors provide a study of the state of the practice of incident response, based on how CSIRTs around the world are operating.read
April 1, 2003 • Handbook
By Moira West Brown, Don Stikvoort, Klaus-Peter Kossakowski, Georgia Killcrece, Robin Ruefle, Mark Zajicek
In this 2003 handbook, the authors describe different organizational models for implementing incident handling capabilities.read