Organizational Models for Computer Security Incident Response Teams (CSIRTs)
[2 Establishing CSIRT Capabilities]
[4 Security Team--Using Existing IT Staff]
[6 Internal Centralized CSIRT]
[8 Coordinating CSIRT]
[10 Closing Remarks]
Acknowledgements
We would like to thank our colleagues in the incident handling community who took time to review and comment on this handbook. They gave us insight, resources, suggestions, and help, all of which have made this a better document.
- Andrew Cormack, UKERNA
- Cristine Hoepers, NBSO/Brazilian CERT
- Julie Lucas, CISSP
- Rob McMillan, Commonwealth Bank of Australia
- Moira West-Brown, former team lead for the CERT Coordination Center (CERT/CC) incident handling team and the CERT CSIRT Development Team
We would also like to recognize the efforts of Moira West-Brown, Klaus-Peter Kossakowski, and Don Stikvoort. They provided, not only as the co-authors of the original Handbook for CSIRTs, but also through their roles within the international CSIRT community, the seeds for this Organizational Models for CSIRTs handbook, which is the next logical step toward a mature understanding of incident response and management processes.
The authors acknowledge Colleen F. Murphy, CISSP, and the Internal Revenue Service for their support during the preliminary investigation of these CSIRT models.
The authors acknowledge the major contributions made to this report by the authors of a preliminary version of this document: Georgia Killcrece, Gene Miluk, and Robin Ruefle.
We would also like to thank the following people for their contributions, support, and assistance in the production of this document:
- Barbara Laswell - who continually provided support and encouragement, along with the time and resources to undertake this work.
- Pamela Curtis - for guiding us through the technical report process and editing our multitude of changes and never running out of patience or support.
- Diane Bradley and Pam Williams - who help us daily to organize information and whose support contributes to our work more than they know.