search menu icon-carat-right cmu-wordmark

Operating and Staffing a CSIRT

This collection provides resources useful to the operation and technical issues that CSIRTs must deal with.

Publisher:

Software Engineering Institute

The resources on this page address practical operational and technical issues that every CSIRT must consider. Below are the resources we provide. Here are a few that are available from other organizations as well:

Incident Management Capability Assessment

December 2018

Managing incidents that threaten an organization's computer security is complex. The capabilities presented here provide a benchmark of incident management practices.

An Introduction to the Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC)

May 2014

The Mission Risk Diagnostic for Incident Management Capabilities revises the Incident Management Mission Diagnostic Method with updated and expanded drivers.

FAQ: Collaboration Between the CERT Coordination Center and Computer Security Incident Response Teams Worldwide

June 2008

This FAQ answers questions related to the collaboration between the CERT/CC and CSIRTs worldwide.

State of the Practice of Computer Security Incident Response Teams (CSIRTs)

October 2003

In this 2003 report, the authors provide a study of the state of the practice of incident response, based on how CSIRTs around the world are operating.

Handbook for Computer Security Incident Response Teams (CSIRTs)

April 2003

In this 2003 handbook, the authors describe different organizational models for implementing incident handling capabilities.

CSIRT Services

November 2002

In this paper, the authors define computer security incident response team (CSIRT) services.