Resources for Creating a CSIRT
• Collection
Publisher
Software Engineering Institute
Abstract
To establish a computer security incident response team (CSIRT), you should understand what type of CSIRT is needed, the type of services that should be offered, the size of the CSIRT and where it should be located in the organization, how much it will cost to implement and support the CSIRT, and the initial steps necessary to create the CSIRT. The resources on this page will help you answer these and other questions.
Collection Items

Create a CSIRT
• White Paper
By Software Engineering Institute
This white paper discusses the issues and decisions organizations should address when planning, implementing, and building a CSIRT.
Action List for Developing a Computer Security Incident Response Team (CSIRT)
• White Paper
By Software Engineering Institute
In this paper, the authors summarize actions to take and topics to address when planning and implementing a Computer Security Incident Response Team (CSIRT).
Defining Incident Management Processes for CSIRTs: A Work in Progress
• Technical Report
By Christopher J. Alberts, Audrey J. Dorofee, Georgia Killcrece, Robin Ruefle, Mark Zajicek
In this report, the authors present a prototype best practice model for performing incident management processes and functions.
Steps for Creating National CSIRTs
• White Paper
By Georgia Killcrece
In this paper, Georgia Killcrece provides a high-level description of a National Computer Security Incident Response Team (NatCSIRT), its problems and challenges.
Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability
• Special Report
By John Haller, Samuel A. Merrell, Matthew J. Butkovic, Bradford J. Willke
In this report, the authors provide insight that interested organizations and governments can use to develop a national incident management capability.
Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability, Version 2.0
• Technical Report
By John Haller, Samuel A. Merrell, Matthew J. Butkovic, Bradford J. Willke
In this 2011 report, an update to its 2010 counterpart, the authors provide insight that interested organizations and governments can use to develop a national incident management capability.
CSIRT Frequently Asked Questions (FAQ)
• White Paper
By Software Engineering Institute
This FAQ addresses CSIRTs, organizations responsible for receiving, reviewing, and responding to computer security incident reports and activity.
CSIRT Services
• White Paper
By Software Engineering Institute
In this paper, the authors define computer security incident response team (CSIRT) services.
Skills Needed When Staffing Your CSIRT
• White Paper
By Software Engineering Institute
This white paper describes a set of skills that CSIRT staff members should have to provide basic incident-handling services.
Limits to Effectiveness in Computer Security Incident Response Teams
• White Paper
By Johannes Wiik (Agder University College Norway), Jose J. Gonzalez (Agder University College Norway)
In this paper, the authors present an attempt to gain a better understanding of how a CSIRT can handle a growing workload with limited resources.
Part of a Collection
CSIRT Resources