Operating and Staffing a CSIRT
This collection provides resources on the operational and technical issues that CSIRTs must deal with.
The resources on this page address practical operational and technical issues that every CSIRT must consider. Below are the resources we provide. Here are a few that are available from other organizations as well:
Site Security Handbook (RFC 2196) – Internet Engineering Task Force/Network Working Group memo
This handbook offers information about developing computer security policies and procedures for sites that have systems on the internet.
The SANS Security Policy Project – SANS website
These resources provide information about the rapid development and implementation of information security policies.
The Role of Computer Security Incident Response Teams in the Software Development Life Cycle – Build Security In website
This BSI document discusses the role a CSIRT can play in the Systems Development Life Cycle (SDLC).
Incident Response Career Trends – GovInfoSecurity article
This document provides information about the skills needed today in incident response and describes how professionals can attain or refine those skills.
Managing incidents that threaten an organization's computer security is complex. The capabilities presented here provide a benchmark of incident management practices.
The Mission Risk Diagnostic for Incident Management Capabilities revises the Incident Management Mission Diagnostic Method with updated and expanded drivers.
FAQ: Collaboration Between the CERT Coordination Center and Computer Security Incident Response Teams Worldwide
This FAQ answers questions related to the collaboration between the CERT/CC and CSIRTs worldwide.
In this 2003 report, the authors provide a study of the state of the practice of incident response, based on how CSIRTs around the world are operating.
In this 2003 handbook, the authors describe different organizational models for implementing incident handling capabilities.