Resources for Creating a CSIRT
• Collection
Publisher
Software Engineering Institute
Topic or Tag
Abstract
To establish a computer security incident response team (CSIRT), you should understand what type of CSIRT is needed, the type of services that should be offered, the size of the CSIRT and where it should be located in the organization, how much it will cost to implement and support the CSIRT team, and the initial steps necessary to create the CSIRT. The resources on this page will help you answer these and other questions.
Collection Items
Create a CSIRT
• White Paper
By Software Engineering Institute
This white paper discusses the issues and decisions organizations should address when planning, implementing, and building a CSIRT.
ReadAction List for Developing a Computer Security Incident Response Team (CSIRT)
• White Paper
By Software Engineering Institute
In this paper, the authors summarize actions to take and topics to address when planning and implementing a Computer Security Incident Response Team (CSIRT).
ReadDefining Incident Management Processes for CSIRTs: A Work in Progress
• Technical Report
By Christopher J. Alberts, Audrey J. Dorofee, Georgia Killcrece, Robin Ruefle, Mark Zajicek
In this report, the authors present a prototype best practice model for performing incident management processes and functions.
ReadSteps for Creating National CSIRTs
• White Paper
By Georgia Killcrece
In this paper, Georgia Killcrece provides a high-level description of a National Computer Security Incident Response Team (NatCSIRT), its problems, and challenges.
ReadBest Practices for National Cyber Security: Building a National Computer Security Incident Management Capability
• Special Report
By John Haller, Samuel A. Merrell, Matthew J. Butkovic, Bradford J. Willke
In this report, the authors provide insight that interested organizations and governments can use to develop a national incident management capability.
ReadBest Practices for National Cyber Security: Building a National Computer Security Incident Management Capability, Version 2.0
• Technical Report
By John Haller, Samuel A. Merrell, Matthew J. Butkovic, Bradford J. Willke
In this 2011 report, an update to its 2010 counterpart, the authors provide insight that interested organizations and governments can use to develop a national incident management capability.
ReadCSIRT Frequently Asked Questions (FAQ)
• White Paper
By Software Engineering Institute
This FAQ addresses CSIRTS, organizations responsible for receiving, reviewing, and responding to computer security incident reports and activity.
ReadCSIRT Services
• White Paper
By Forum of Incident Response and Security Teams
In this paper, the authors define computer security incident response team (CSIRT) services.
ReadSkills Needed When Staffing Your CSIRT
• White Paper
By Software Engineering Institute
This white paper describes a set of skills that CSIRT staff members should have to provide basic incident-handling services.
ReadLimits to Effectiveness in Computer Security Incident Response Teams
• White Paper
By Johannes Wiik (Agder University College Norway), Jose J. Gonzalez (Agder University College Norway)
In this paper, the authors present an attempt to gain a better understanding of how a CSIRT can handle a growing work load with limited resources.
ReadOrganizational Models for Computer Security Incident Response Teams (CSIRTs)
• Handbook
By Georgia Killcrece, Klaus-Peter Kossakowski, Robin Ruefle, Mark Zajicek
This 2003 report describes different organizational models for implementing incident handling capabilities, including each model's advantages and disadvantages and the kinds of incident management services that best fit with it.
ReadIncident Management
• White Paper
By Georgia Killcrece
In this paper, the author describes incident management capability and what it implies for controlling security events and incidents.
ReadBuild Security In
• Article
By DHS
This article lists resources that developers, architects, and security practitioners can use to build security into software during its development.
ReadColumbia CSIRT Case Study
• White Paper
By Software Engineering Institute
This case study describes the experiences of the Columbia CSIRT in getting its organization up and running.
ReadFAQ: Collaboration Between the CERT Coordination Center and Computer Security Incident Response Teams Worldwide
• Brochure
By Software Engineering Institute
This FAQ answers questions related to the collaboration between the CERT/CC and CSIRTs worldwide.
Learn MoreTunisia Case Study
• White Paper
By Software Engineering Institute
This case study describes the experiences of the Tunisia CSIRT in getting its organization up and running.
ReadFinancial Institution CSIRT Case Study
• White Paper
By Software Engineering Institute
This case study describes the experiences of a financial institution CSIRT in getting its organization up and running.
ReadGuidelines for Use of “CERT”
• Brochure
By Software Engineering Institute
These guidelines for using “CERT” help to protect and strengthen the use of the word by everyone.
Learn MorePart of a Collection
CSIRT Resources