Date: 27 February 2004
Introduction
With the increasing complexity of incidents, the need for a formalised
incident response capability in organisations grows more important
all the time. Here we provide pointers to some Internet resources for those
people interested in designing, developing and implementing a Computer
Security Incident Response Team (CSIRT).
Developing a CSIRT
CERT/CC Resources
CERT/CC CSIRT Development resources
The CERT/CC maintains an extensive CSIRT development site based on their own
materials and many pointers to other Internet resources.
The many useful resources there include:
Handbook for CSIRTs
A detailed guide covering all the major areas of CSIRT development and
implementation, including CSIRT frameworks, policies, incident and
vulnerability handling, and team operations. Written by highly
experienced CSIRT staff from well-established teams.
State of the practice of computer security incident response
Want to know how real CSIRTs are structured, what services they provide,
their funding models, staffing and many other details about their
operations? Then check this report out. Based on the results of surveys
sent to CSIRTs and their own vast experience in the CSIRT community, the
authors provide a useful look at the current state of practice for CSIRTs
around the world. Includes real examples of incident reporting forms and
a useful bibliography.
Other useful CERT/CC documents include:
Creating a Computer Security Incident Response Team: A Process for Getting
Started
Staffing Your Computer Security Incident Response Team - What Basic Skills
Are Needed?
CSIRT FAQ
Sun Security Blueprints
Responding to Customer's Security Incidents--Part 1: Establishing Teams and a
Policy
A guide for setting up a CSIRT within a corporate environment. The
Responding to Customer's Security Incidents series continues with a
number of other blueprints on setting up, implementing and performing
incident response for organisations. See below for more details.
AusCERT papers
Forming an Incident Response Team
This paper describes the formation of AusCERT and provides a lot of practical
information in terms of setting up a CSIRT.
CSIRT regional initiatives and forums
Looking for a CSIRT that may be able to assist you on an incident you are
working on? All the groups below maintain a list of their members that
you might be able to use as a starting point.
Forum of Incident Response and Security Teams (FIRST)
FIRST is a coalition of CSIRTs around the world including national,
corporate, government and many industry sector teams. FIRST provides a forum
for CSIRTs to exchange information and resolve incidents on an international
basis. They also hold an annual conference dedicated to CSIRTs.
APCERT
The Asia Pacific Computer Emergency Response Teams are a coalition of
CSIRTs in the Asia Pacific region. They also hold an annual conference
dedicated to CSIRTs.
Trusted Introducer for CSIRTs in Europe
The Trusted Introducer for CSIRTs in Europe maintains a list of all known
European CSIRTs.
CSIRT Training
The following organisations provide a variety of training targeted
specifically to CSIRTs including development, design, implementation and
operations.
AusCERT CSIRT Training
CERT/CC Training
Training of Network Security Incident Teams Staff (TRANSITS)
Incident Handling Guidelines
CERT/CC Resources
CERT/CC Security Improvements Modules
The CERT/CC have produced many technical publications (security improvement
modules) dealing with the operation and implementation of various security
processes. These include modules describing preparing for, detecting
and responding to computer intrusions.
Sun Security Blueprints
Sun have prepared a number of technical documents (blueprints) which provide
practical recommendations on many areas including security. Amongst the
numerous other security blueprints the following describe CSIRT operations
and response:
Responding to Customer's Security Incidents--Part 1: Establishing Teams and a
Policy
Responding to Customer's Security Incidents--Part 2: Executing a Policy
Responding to Customer's Security Incidents--Part 3: Following Up After an
Incident
Responding to Customer's Security Incidents--Part 4: Processing Incident
Data
National Institute of Standards and Technology (NIST)
NIST SP 800-61 Computer Security Incident Handling Guide
Adobe Acrobat Reader .pdf file (2.71MB)
Zipped .pdf file (1.6MB)
This 148 page document provides extensive examples, guidelines and
recommendations for handling many different types of incidents, including
denial of service, unauthorised access and inappropriate usage. It also
has a useful selection of appendices including recommendations, scenarios,
print and online resources, and a FAQ.
Tools
CHIHT - Clearing House for Incident Handling Tools
Contains an extensive list of security tools which may be useful to CSIRTs,
divided into categories such as tools for gathering evidence, tools for
implementing CSIRT operational procedures, and proactive tools for detecting
vulnerabilities and other threats.
Insecure.org's Top 75 Security Tools
A list of the most popular security tools based on a survey of various
security professionals and users.