Operating and Staffing a CSIRT
The resources on this page address practical operational and technical issues that every CSIRT must consider. Below are the resources we provide. Here are a few that are available from other organizations as well:
- Site Security Handbook (RFC 2196) – Internet Engineering Task Force/Network Working Group memo
This handbook offers information about developing computer security policies and procedures for sites that have systems on the Internet.
- The SANS Security Policy Project – SANS website
These resources provide information about the rapid development and implementation of information security policies.
- The Role of Computer Security Incident Response Teams in the Software Development Life Cycle –
This BSI document discusses the role a CSIRT can play in the Systems Development Life Cycle (SDLC).
- Incident Response Career Trends – GovInfoSecurity article
This document provides information about the skills needed today in incident response and describes how professionals can attain or refine those skills.
An Introduction to the Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC)
• Technical Note
The Mission Risk Diagnostic for Incident Management Capabilities revises the Incident Management Mission Diagnostic Method with updated and expanded drivers.
FAQ: Collaboration Between the CERT Coordination Center and Computer Security Incident Response Teams Worldwide
By Software Engineering Institute
This FAQ answers questions related to the collaboration between the CERT/CC and CSIRTs worldwide.
State of the Practice of Computer Security Incident Response Teams (CSIRTs)
• Technical Report
In this 2003 report, the authors provide a study of the state of the practice of incident response, based on how CSIRTs around the world are operating.
Handbook for Computer Security Incident Response Teams (CSIRTs)
By Moira West Brown, Don Stikvoort, Klaus-Peter Kossakowski, Georgia Killcrece, Robin Ruefle, Mark Zajicek
In this 2003 handbook, the authors describe different organizational models for implementing incident handling capabilities.