
Table Of Contents

1 Introduction
1.1 Scope of the Document
1.2 Intended Audience
1.3 Use of This Document
1.4 Document Structure
2 Basic Issues
2.1 CSIRT Framework
2.1.1 Mission Statement
2.1.2 Constituency
Table 2: Possible Authority Relationships Between a CSIRT and Its Constituency
2.1.3 Place in Organization
Figure 1: CSIRT Within an Organization
2.1.4 Relationship to Other Teams
Figure 2: CSIRT Peer Relationships
2.2 Service and Quality Framework
Figure 3: Service and Quality Framework as Derived from Mission Statement
Table 3: Service Description Attributes
2.3 CSIRT Services
2.3.1 Service Categories
Table 4: List of Common CSIRT Services
2.3.2 Service Descriptions
2.3.3 Selection of Services
2.4 Information Flow
2.5 Policies
2.5.1 Attributes
Table 6: Basic Policy Attributes
2.5.2 Content
Table 7: Policy Content Features
2.5.3 Validation
2.5.4 Implementation, Maintenance, and Enforcement
2.6 Quality Assurance
2.6.1 Definition of a Quality System
2.6.2 Checks: Measurement of Quality Parameters
2.6.3 Balances: Procedures to Assure Quality
2.6.4 Constituents’ View of Quality
2.7 Adapting to Specific Needs
2.7.1 The Need for Flexibility
Table 8: Examples of Dynamic Environment Factors and Their Impact on CSIRTs
2.7.2 Legal Issues
2.7.3 Institutional Regulations
3 Incident Handling Service
3.1 Service Description
3.1.1 Objective
3.1.2 Definition
3.1.3 Function Descriptions
3.1.4 Availability
3.1.5 Quality Assurance
3.1.6 Interactions and Information Disclosure
3.1.7 Interfaces with Other Services
3.1.8 Priority
3.2 Service Functions Overview
3.3 Triage Function
3.3.1 Use of Tracking Numbers
3.3.2 Use of Standard Reporting Forms
3.3.3 Preregistration of Contact Information
3.4 Handling Function
Table 13: Possible Instantiations of Handling Function Attributes
3.4.1 Incident Life Cycle
Figure 5: CERT/CC Incident Handling Life Cycle
3.4.2 Incident Analysis
Table 14: Analysis Depth Factors
3.4.3 Tracking Incident Information
3.5 Announcement Function
3.5.1 Announcement Types
3.5.3 Announcement Life Cycle
3.6 Feedback Function
3.7 Interactions
3.7.1 Points of Contact
3.7.2 Authentication
3.7.3 Secure Communication
3.7.4 Special Considerations
Table 17: Possible Inter-Team Support Types
Table 18: Considerations for Information Sharing
3.8 Information Handling
3.8.1 Information Collection
3.8.2 Information Verification
3.8.3 Information Categorization
3.8.4 Information Storage
3.8.5 Information Sanitizing and Disposal
3.8.6 Prioritization Criteria
3.8.7 Escalation Criteria
3.8.8 Information Disclosure
4 Team Operations
4.2 Fundamental Policies
4.2.1 Code of Conduct
4.2.2 Information Categorization Policy
Figure 6: CERT/CC Code of Conduct
4.2.3 Information Disclosure Policy
4.2.4 Media Policy
4.2.5 Security Policy
4.2.6 Human Error Policy
4.3 Continuity Assurance
4.3.1 Continuity Threats
4.3.2 Workflow Management
4.3.3 Out-Of-Hours Coverage
4.4 Security Management
4.5 Staff Issues
4.5.1 CSIRT Staff
4.5.2 Hiring Staff
4.5.3 Arrival and Exit Procedures
4.5.4 Training Staff
4.5.6 Extension of Staff
5 Closing Remarks
5.1 Closing Remarks from the First Edition
5.2 Closing Remarks for the Second Edition
Appendix A: About the Authors
Appendix B: Glossary
Handbook for Computer Security Incident Response Teams (CSIRTs)


Published by: epocableoils on Apr 09, 2011
Copyright: Attribution Non-commercial

