Computer forensics EC-Council V2-module4

CSIRT Handbook

Support Type



This might range from issues like “Forming a new CSIRT” to technical tutorials to
understand the nature of incidents.

Out-of-Hours Coverage

While one CSIRT may only provide service during business hours, another fellow
CSIRT may take calls during other hours as part of a collaboration agreement. This is
particularly relevant if a team operates under the indirect control of a coordination

Technical Expertise

To address technical questions and share this knowledge with other teams.

Cooperative Work

To address problems that are too difficult to solve with the resources of a single
team, two or more teams might come together and collaborate to seek the solution to
such a problem. This handbook is a good example of this kind of cooperation.

Other Opinions

While working on the solution to a particular problem, the members of the team
involved may be too close to the problem to view it objectively. To avoid the
negative impact that might arise in these instances, another team might be asked to
review and provide an opinion on the proposed solution before it is publicly
distributed. Existing CSIRTs have a long history of exchanging draft advisories and
often incorporate many suggestions before the final advisory is released.

Point of Contact to Other Teams or Experts

Since a team might need a trusted contact for a specific site or network, they can ask
other teams whether they have an established contact or if they know somebody else
to ask. This also holds true for contacts to technical experts and vendors.

