State of the Practice of Computer Security Incident Response Teams (CSIRTs)
[Who is the CERT CSIRT Development Team and What Do They Do?]
[Acknowledgements]
[3 Current State of the Practice of CSIRTs]
[6 Closing Remarks]
[Appendix B: Comparison of Incident Response Steps and Processes]
[Appendix C: Training Sources for CSIRTs]
[Appendix E: Sample Incident Reporting Forms and Flowcharts]
Who is the CERT CSIRT Development Team and What Do They Do?
The CERT CSIRT Development Team helps organizations build their own computer security incident response teams (CSIRTs) and also helps existing teams enhance their effectiveness. The team is an outgrowth of the work and products developed in the CERT Coordination Center (CERT/CC). Our focus is to assist new and existing teams in understanding best practices and recommendations for performing incident handling and related CSIRT services. The guidance provided is based on the history and experiences of the CERT/CC, along with knowledge gained from our extensive collaborations with other teams.
To help organizations, we
- develop and teach courses related to CSIRTs
- work with teams to
  - develop strategies to plan and implement CSIRTs
  - develop best practices for operating CSIRTs
  - adopt CSIRT policies and standard operating procedures
- collaborate with teams to develop documents, templates, and checklists to assist in the incident handling process
- license courses to organizations and train their trainers to deliver the materials
For more information, please contact csirt-info@cert.org.