Operating and Staffing a CSIRT
This collection provides resources useful to the operation and technical issues that CSIRTs must deal with.
Abstract
The resources on this page address practical operational and technical issues that every CSIRT must consider. Below are the resources we provide. Here are a few that are available from other organizations as well:
-
Site Security Handbook (RFC 2196) – Internet Engineering Task Force/Network Working Group memo
This handbook offers information about developing computer security policies and procedures for sites that have systems on the internet. -
The SANS Security Policy Project – SANS website
These resources provide information about the rapid development and implementation of information security policies. -
The Role of Computer Security Incident Response Teams in the Software Development Life Cycle – Build Security In website
This BSI document discusses the role a CSIRT can play in the Systems Development Life Cycle (SDLC). -
Incident Response Career Trends – GovInfoSecurity article
This document provides information about the skills needed today in incident response and describes how professionals can attain or refine those skills.
Collection Contents
-
Incident Management Capability Assessment
December 19, 2018 • Technical Report
By Audrey J. Dorofee, Robin Ruefle, Mark Zajicek, David McIntire, Samuel J. Perl, Christopher J. Alberts, Carly L. Huth, Pennie Walters
The capabilities presented in this report provide a benchmark of incident management practices.
read -
An Introduction to the Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC)
May 30, 2014 • Technical Note
By Christopher J. Alberts, Audrey J. Dorofee, Robin Ruefle, Mark Zajicek
The Mission Risk Diagnostic for Incident Management Capabilities revises the Incident Management Mission Diagnostic Method with updated and expanded drivers.
read -
FAQ: Collaboration Between the CERT Coordination Center and Computer Security Incident Response Teams Worldwide
June 19, 2008 • Brochure
This FAQ answers questions related to the collaboration between the CERT/CC and CSIRTs worldwide.
read -
State of the Practice of Computer Security Incident Response Teams (CSIRTs)
October 1, 2003 • Technical Report
By Georgia Killcrece, Klaus-Peter Kossakowski, Robin Ruefle, Mark Zajicek
In this 2003 report, the authors provide a study of the state of the practice of incident response, based on how CSIRTs around the world are operating.
read -
Handbook for Computer Security Incident Response Teams (CSIRTs)
April 1, 2003 • Handbook
By Moira West Brown, Don Stikvoort, Klaus-Peter Kossakowski, Georgia Killcrece, Robin Ruefle, Mark Zajicek
In this 2003 handbook, the authors describe different organizational models for implementing incident handling capabilities.
read -
CSIRT Services
November 25, 2002 • White Paper
In this paper, the authors define computer security incident response team (CSIRT) services.
read