Organizational Models for Computer Security Incident Response Teams (CSIRTs)
Appendix Summary of Services Offered
The chart below summarizes the services offered by each type of CSIRT described in this handbook. The services are grouped by service category, and each is rated for each type of team according to the following:
- Core: A basic service provided by the members of the team
- Additional: A service that can be provided if the appropriate resources and expertise are available
- Unusual: A service not generally provided by this type of team, unless special circumstances exist

| Service Category | Services | Security Team | Distributed | Centralized | Combined | Coordinating |
|---|---|---|---|---|---|---|
| Reactive | Alerts and Warnings | Additional | Core | Core | Core | Core |
| | Incident Handling: Incident Analysis | Core | Core | Core | Core | Core |
| | Incident Handling: Incident Response On Site | Core | Additional | Additional | Additional | Unusual |
| | Incident Handling: Incident Response Support | Unusual | Core | Core | Core | Core |
| | Incident Handling: Incident Response Coordination | Core | Core | Core | Core | Core |
| | Vulnerability Handling: Vulnerability Analysis | Additional | Additional | Additional | Additional | Additional |
| | Vulnerability Handling: Vulnerability Response | Core | Additional | Unusual | Additional | Additional |
| | Vulnerability Handling: Vulnerability Response Coordination | Additional | Core | Core | Core | Core |
| | Artifact Handling: Artifact Analysis | Additional | Additional | Additional | Additional | Additional |
| | Artifact Handling: Artifact Response | Core | Additional | Unusual | Additional | Additional |
| | Artifact Handling: Artifact Response Coordination | Additional | Additional | Core | Core | Core |
| Proactive | Announcements | Unusual | Core | Core | Core | Core |
| | Technology Watch | Unusual | Additional | Core | Core | Core |
| | Security Audits and Assessments | Unusual | Additional | Additional | Additional | Unusual |
| | Configuration and Maintenance of Security Tools, Applications, and Infrastructures | Core | Additional | Additional | Additional | Unusual |
| | Development of Security Tools | Additional | Additional | Additional | Additional | Additional |
| | Intrusion Detection Services | Core | Additional | Additional | Additional | Unusual |
| | Security-Related Information Dissemination | Unusual | Additional | Core | Core | Core |
| Security Quality Management | Risk Analysis | Unusual | Additional | Additional | Additional | Additional |
| | Business Continuity and Disaster Recovery Planning | Unusual | Additional | Additional | Additional | Additional |
| | Security Consulting | Unusual | Additional | Additional | Additional | Additional |
| | Awareness Building | Unusual | Additional | Additional | Additional | Core |
| | Education/Training | Unusual | Additional | Additional | Additional | Core |
| | Product Evaluation or Certification | Unusual | Additional | Additional | Additional | Additional |