Software Engineering Institute Carnegie Mellon

State of the Practice of Computer Security Incident Response Teams (CSIRTs)

[Abstract]   [Title Page]  
[Who is the CERT CSIRT Development Team and What Do They Do?]  
[Preface]  
[Acknowledgements]  
[1 Introduction]   [2 Computer Security Incident Response Teams]  
[3 Current State of the Practice of CSIRTs]  
[4 Summary]   [5 Future Work]  
[6 Closing Remarks]  
[Appendix A: CSIRT Organizational Survey]  
[Appendix B: Comparison of Incident Response Steps and Processes]  

[Appendix C: Training Sources for CSIRTs]  
[Appendix D: Cyber Crime Law Resources]  
[Appendix E: Sample Incident Reporting Forms and Flowcharts]  
[Bibliography]   [PDF File]

Georgia Killcrece
Klaus-Peter Kossakowski
Robin Ruefle
Mark Zajicek

CMU/SEI-2003-TR-001
ESC-TR-2003-001

October 2003

Networked Systems Survivability Program

 

Unlimited distribution subject to the copyright.


The Software Engineering Institute is a federally funded research and development center sponsored by the U.S. Department of Defense.

Copyright 2004 Carnegie Mellon University.

NO WARRANTY

THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

Use of any trademarks in this report is not intended in any way to infringe on the rights of the trademark holder.

Internal use. Permission to reproduce this document and to prepare derivative works from this document for internal use is granted, provided the copyright and "No Warranty" statements are included with all reproductions and derivative works.

External use. Requests for permission to reproduce this document or prepare derivative works of this document for external and commercial use should be addressed to the SEI Licensing Agent.

This work was created in the performance of Federal Government Contract Number F19628-00-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The Government of the United States has a royalty-free government-purpose license to use, duplicate, or disclose the work, in whole or in part and in any manner, and to have or permit others to do so, for government purposes pursuant to the copyright license under the clause at 52.227-7013.

For information about purchasing paper copies of SEI reports, please visit the publications portion of our Web site (http://www.sei.cmu.edu/publications/pubweb.html).

 

