Network Security Library

Incident Response Team





Keys to Successful Incident Response Teams
Incident Response Teams (IRTs) initially evolved in response to the growing threat of viruses and hacker attempts. In late 1988, a worm infected nearly 10 percent of the computers existing on the Internet. This was the first well-publicized example of how a small program could cause such extensive damage. (Warning: here come the acronyms...) As a result, the first official Incident Response Team, Computer Emergency Response Team (CERT), was born through the Defense Advanced Research Projects Agency (DARPA). By the end of 1990, 11 teams, including CERT and the Computer Incident Advisory Committee (CIAC), created an international organization, the Forum of Incident Response and Security Teams (FIRST) to communicate and coordinate between teams.
03/24/2004


Staffing Your Computer Security Incident Response Team – What Basic Skills Are Needed?
In this document, we describe a minimum set of basic skills CSIRT staff members should have. This skill summary is based on the early incident handling experiences of the CERT Coordination Center (CERT/CC), our observations of CSIRTs, and the experiences others in the community have shared with us over the years. We also suggest some of the additional 'specialist' skills that a few members of the team should have (or have access to)—experts who can be called upon for technical help or guidance when a special need arises. However, these special skills are not our main focus, which is to highlight the basic skills for incident handling staff.
03/03/2004


Handbook for Computer Security Incident Response Teams (CSIRTs)
This document provides guidance on forming and operating a computer security incident response team (CSIRT). In particular, it helps an organization to define and document the nature and scope of a computer security incident handling service, which is the core service of a CSIRT. The document explains the functions that make up the service; how those functions interrelate; and the tools, procedures, and roles necessary to implement the service. This document also describes how CSIRTs interact with other organizations and how to handle sensitive information. In addition, operational and technical issues are covered, such as equipment, security, and staffing considerations.
03/03/2004


Creating a Computer Security Incident Response Team: A Process for Getting Started
Keeping organizational information assets secure in today's interconnected computing environment is a true challenge that becomes more difficult with each new 'e' product and each new intruder tool. Most organizations realize that there is no one solution or panacea for securing systems and data; instead a multi-layered security strategy is required. One of the layers that many organizations are including in their strategy today is the creation of a Computer Security Incident Response Team, generally called a CSIRT.
03/03/2004


Incident Response and Creating the CSIRT in Corporate America
The purpose of this document is to discuss why these challenges may exist and suggest a way to successfully implement a formal incident response organization. However, the needs of each organization a
02/19/2004


Implementing a Computer Incident Response Team in a Smaller, Limited Resource Organizational Setting
Smaller scale organizations or those with limited resources have a tendency to think that a Computer Incident Response Team is not necessary or that it is not feasible given their size or fiscal statu
02/19/2004


Building an Incident Response Program To Suit Your Business
The purpose of this paper is to outline the key concepts of an Incident Response Program (IRP). Although every organization is unique, there are basic components that should be included to mitigate disaster. This paper is in no way meant to be a comprehensive program for an IRP and should only be viewed as a starting point. For an IRP to be successful, the maintenance of the Program is an on-going process that must be kept current and reflect organizational / infrastructure changes and newly discovered vulnerabilities as they occur. In addition, an IRP should be a key component to a well-rounded information security program that includes Policies and Procedures, a Compliance Monitoring Program and an Intrusion Detection System.
02/19/2004





Unless otherwise noted, all paper copyrights are owned by the author. The rest copyright 2003-2005 TechTarget
