Resources for Creating a CSIRT
These resources help you to get started when creating a new CSIRT.
Abstract
To establish a computer security incident response team (CSIRT), you should understand what type of CSIRT is needed, the type of services that should be offered, the size of the CSIRT and where it should be located in the organization, how much it will cost to implement and support the CSIRT, and the initial steps necessary to create the CSIRT. The resources on this page will help you answer these and other questions.
Collection Contents
-
Create a CSIRT
January 18, 2017 • White Paper
This white paper discusses the issues and decisions organizations should address when planning, implementing, and building a CSIRT.
-
Action List for Developing a Computer Security Incident Response Team (CSIRT)
November 2, 2006 • White Paper
In this paper, the authors summarize actions to take and topics to address when planning and implementing a Computer Security Incident Response Team (CSIRT).
-
Defining Incident Management Processes for CSIRTs: A Work in Progress
October 1, 2004 • Technical Report
By Christopher J. Alberts, Audrey J. Dorofee, Georgia Killcrece, Robin Ruefle, Mark Zajicek
In this report, the authors present a prototype best practice model for performing incident management processes and functions.
-
Steps for Creating National CSIRTs
August 2, 2004 • White Paper
By Georgia Killcrece
In this paper, Georgia Killcrece provides a high-level description of a National Computer Security Incident Response Team (NatCSIRT) and its problems and challenges.
-
Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability
June 1, 2010 • Special Report
By John Haller, Samuel A. Merrell, Matthew J. Butkovic, Bradford J. Willke
In this report, the authors provide insight that interested organizations and governments can use to develop a national incident management capability.
-
Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability, Version 2.0
April 1, 2011 • Technical Report
By John Haller, Samuel A. Merrell, Matthew J. Butkovic, Bradford J. Willke
In this 2011 report, an update to its 2010 counterpart, the authors provide insight that interested organizations and governments can use to develop a national incident management capability.
-
CSIRT Frequently Asked Questions (FAQ)
January 18, 2017 • White Paper
This FAQ addresses CSIRTs, organizations responsible for receiving, reviewing, and responding to computer security incident reports and activity.
-
CSIRT Services
November 25, 2002 • White Paper
In this paper, the authors define computer security incident response team (CSIRT) services.
-
Skills Needed When Staffing Your CSIRT
January 18, 2017 • White Paper
This white paper describes a set of skills that CSIRT staff members should have to provide basic incident-handling services.
-
Limits to Effectiveness in Computer Security Incident Response Teams
August 22, 2005 • White Paper
By Johannes Wiik (Agder University College Norway), Jose J. Gonzalez (Agder University College Norway)
In this paper, the authors present an attempt to gain a better understanding of how a CSIRT can handle a growing workload with limited resources.
-
Organizational Models for Computer Security Incident Response Teams (CSIRTs)
December 1, 2003 • Handbook
By Georgia Killcrece, Klaus-Peter Kossakowski, Robin Ruefle, Mark Zajicek
This 2003 report describes different organizational models for implementing incident handling capabilities, including each model's advantages and disadvantages and the kinds of incident management services that best fit with it.
-
Incident Management
December 1, 2005 • White Paper
By Georgia Killcrece
In this paper, the author describes incident management capability and what it implies for controlling security events and incidents.
-
Build Security In
January 18, 2017 • Article
This article lists resources that developers, architects, and security practitioners can use to build security into software during its development.
-
Columbia CSIRT Case Study
January 24, 2013 • White Paper
This case study describes the experiences of the Columbia CSIRT in getting its organization up and running.
-
FAQ: Collaboration Between the CERT Coordination Center and Computer Security Incident Response Teams Worldwide
June 19, 2008 • Brochure
This FAQ answers questions related to the collaboration between the CERT/CC and CSIRTs worldwide.
-
Tunisia Case Study
January 24, 2013 • White Paper
This case study describes the experiences of the Tunisia CSIRT in getting its organization up and running.
-
Financial Institution CSIRT Case Study
January 22, 2004 • White Paper
This case study describes the experiences of a financial institution CSIRT in getting its organization up and running.
-
Steps in the Process for Becoming an Authorized User
February 8, 2013 • Brochure
This procedure describes the steps that incident response teams must take to apply for using the CERT mark in their name.
-
Guidelines for Use of “CERT”
October 7, 2011 • Brochure
These guidelines for using “CERT” help to protect and strengthen the use of the word by everyone.