Handbook for Computer Security Incident Response Teams (CSIRTs)

Active / Technical Report | Accession Number: ADA358945

Abstract:

This document provides guidance on the generic issues to consider when forming and operating a computer security incident response team (CSIRT). In particular, it helps an organization to define and document the nature and scope of a computer security incident response (CSIR) service, which is the core service of a CSIRT. The document discusses the functions that make up the service, how those functions interrelate, and the tools, procedures, and roles necessary to implement the service. This document also describes how CSIRTs interact with other organizations and how to handle often sensitive information. In addition, operational and technical issues are addressed, such as equipment, security, and staffing considerations. This document is intended to provide a valuable resource to both newly forming teams and existing teams whose services, policies, and procedures are not clearly defined or documented. The primary audience for this document consists of managers responsible for the creation or operation of a CSIRT or a CSIR service. It can also be used as a reference for all CSIRT staff, higher-level managers, and others who interact with a CSIRT.

Security Markings

Distribution:
Approved For Public Release

RECORD

Collection: TR