[Bp_certs] Publicly Accessible Resources on CERTs/CSIRTs

Robin M. Ruefle rmr at cert.org
Thu Jul 24 12:03:38 EDT 2014


Hello again,

I have some additional materials/resources to add to the list.  Unfortunately only in English. :-)  These are some of the documents in the link that Adli mentioned below in the Incident Management link.

From CERT at the Software Engineering Institute, Carnegie Mellon University

CSIRT Frequently Asked Questions
http://www.cert.org/incident-management/csirt-development/csirt-faq.cfm
a short list that provides quick answers to some common questions about CSIRTs

Creating a Computer Security Incident Response Team: A Process for Getting Started
http://www.cert.org/incident-management/products-services/creating-a-csirt.cfm
a brief white paper describing some of the basic requirements for people to consider when creating a CSIRT capability

Action List for Developing a Computer Security Incident Response Team (CSIRT)
http://www.cert.org/incident-management/csirt-development/action-list.cfm
a high-level overview of the actions to take and topics to address when planning and implementing a CSIRT

CSIRT Services
http://www.cert.org/incident-management/services.cfm
a descriptive list of the typical services that a CSIRT might provide (this is extracted from content that also appears in some of the above documents; it has just been separated into a separate document for convenience)

Staffing Your Computer Security Incident Response Team - What Basic Skills Are Needed?
http://www.cert.org/incident-management/csirt-development/csirt-staffing.cfm
a short paper describing some of the types of core knowledge, skills, and abilities that successful CSIRTs seek in staffing their team

Handbook for CSIRTs
http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=6305
the original seminal work on creating a CSIRT; based on the experiences of the CERT/CC and other response teams during the early development days. This 2nd edition with updated information was released in 2003

Defining Incident Management Processes for CSIRTs: A Work in Progress
http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=7153
This technical report delves into the day-to-day work that teams perform, focusing on a process-oriented approach to defining the CSIRT work.

Incident Management Capability Metrics (IMCM)
http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=8379
adapted from work the SEI did with the DoD and US-CERT, a set of metrics that can be used to evaluate and improve an organization's capability for managing computer network defense.

Mission Risk Diagnostic for Incident Management Capabilities
http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=91452
a tool that can be used to provide a quick evaluation of the potential for success of an organization's CSIRT or incident management capability (IMC). It can be used as an independent technique, or in conjunction with the IMCM.

Organizational Models for Computer Security Incident Response Teams
http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=6295
a technical report that expands on information provided in the original Handbook. It focuses on describing different types of teams (a coordinating center, a security team, distributed teams, etc.). It discusses some of the typical strengths and weaknesses for each type.


Incident Management topics on the Build Security In (BSI) website
https://buildsecurityin.us-cert.gov/articles/best-practices/incident-management/incident-management
The Incident Management section of the BSI website contains articles that provide an introduction to computer security incident management.

Defining Computer Security Incident Response Teams
https://buildsecurityin.us-cert.gov/articles/best-practices/incident-management/defining-computer-security-incident-management-teams
This paper introduces and defines various aspects of CSIRTs including activities, roles, staff, and mission.

Avoiding the Trial-by-Fire Approach to Security Incidents
http://www.sei.cmu.edu/library/abstracts/news-at-sei/securitymattersmar99.cfm
This report assists organizations in establishing computer security incident response capabilities and handling incidents efficiently and effectively.

Case Studies of CSIRTs that were created:
*       Colombia <http://www.cert.org/incident-management/publications/case-studies/colombia.cfm>
*       Tunisia <http://www.cert.org/incident-management/publications/case-studies/tunisia.cfm>
*       Financial Institution <http://www.cert.org/incident-management/publications/case-studies/afi-case-study.cfm>

Materials for National CSIRTs
*       Steps for Creating National CSIRTs <http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=53062>
*       Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability (Version 2.0) <http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=9999>
*       Establishing a National CSIRT <http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=34434> (podcast)
*       Tackling Security at the National Level: A Resource for Leaders <http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=34478> (podcast)

Although this is an old document - some of the history and best practices are still relevant.

State of the Practice of Computer Security Incident Response Teams
<http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=6571>
Many of our documents are due to be updated.

We also offer the following courses:

*       Overview of Creating and Managing a CSIRT
        http://www.sei.cmu.edu/training/P68.cfm
*       Creating a CSIRT (1-day)
        http://www.sei.cmu.edu/training/P25.cfm
*       Managing CSIRTs (3-day)
        http://www.sei.cmu.edu/training/P28.cfm
*       Fundamentals of Incident Handling (5-day)
        http://www.sei.cmu.edu/training/P26.cfm
*       Advanced Incident Handling (5-day)
        http://www.sei.cmu.edu/training/P23B.cfm
*       Advanced Forensic Response and Analysis
        http://www.sei.cmu.edu/training/P103.cfm


Robin


Robin Ruefle
Team Lead, CSIRT Development and Training Team
Enterprise Threat and Vulnerability Management Team
CERT Program
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890 U.S.A.

Email: rmr at cert.org
http://www.cert.org/




-----Original Message-----
From: Bp_certs [mailto:bp_certs-bounces at intgovforum.org] On Behalf Of Miroslaw Maj
Sent: Thursday, July 24, 2014 11:15 AM
To: bp_certs at intgovforum.org
Subject: Re: [Bp_certs] Publicly Accessible Resources on CERTs/CSIRTs


On 24/07/14 07:34, Adli Wahid wrote:
> Hi Everyone,
>
> I mentioned in my previous email about resources or references
> available out there on planning, creating, managing  CERTs/CSIRTs.
>
> 1. Incident Management Publications -
> http://cert.org/incident-management/publications/index.cfm
>
> 2. ENISA repository on CERT/CSIRT -
> https://www.enisa.europa.eu/activities/cert

It is just worth adding that many ENISA publications are available in various languages.

For example "A step-by-step approach on how to setup a CSIRT"
(https://www.enisa.europa.eu/activities/cert/support/guide) is available in 26 languages including Chinese or Hindi.

Kind Regards
Miroslaw Maj
--
Cybersecurity Foundation
20 Tytoniowa Str
04-228 Warsaw, Poland
tel:    +48 22 112 0 800
mobile: +48 608 508 702
e-mail: miroslaw.maj at cybsecurity.org
www:    http://www.cybsecurity.org/


>
>
>
> Do you know if there is anything else out there? Perhaps in different
> languages that could be added to the list.
>
>
> Best Regards,
>


_______________________________________________
Bp_certs mailing list
Bp_certs at intgovforum.org
http://mail.intgovforum.org/mailman/listinfo/bp_certs_intgovforum.org
