
	Where results make sense

Topic: CSIRT

	CERT®/CC: Computer Security Incident Response Team FAQ
		CSIRTs may also have familiarity with the compromised systems and therefore be more readily able to coordinate the recovery and propose mitigation and response strategies.
		A CSIRT is similar to a fire department.
		CSIRTs can receive funding from their parent organization, either directly or as part of an IT department (e.g., a CSIRT formed from existing staff members of a commercial organization, a university, a government/military organization).
	www.cert.org /csirts/csirt_faq.html (2606 words)

	bcp/bcp21
		Any group calling itself a CSIRT for a specific constituency must therefore react to reported security incidents, and to threats to "their" constituency in ways which the specific community agrees to be in its general interest.
		A CSIRT may or may not have the authority to intervene in the operation of all of the systems within its perimeter.
		CSIRTs and users of the template should be sensitive to local laws and regulations, which may vary considerably in different countries.
	www.faqs.org /rfcs/bcp/bcp21.html (9385 words)

	Zvon - RFC 2350 [Expectations for Computer Security Incident Response] - Information, Policies and Procedures
		Full details of how to contact the CSIRT should be listed here, although this might be very different for different teams; for example, some might choose not to publicize the names of their team members.
		Every CSIRT must have a charter which specifies what it is to do, and the authority under which it will do it.
		Services provided by a CSIRT can be roughly divided into two categories: real-time activities directly related to the main task of incident response, and non-real-time proactive activities, supportive of the incident response task.
	www.zvon.org /tmRFC/RFC2350/Output/chapter3.html (2801 words)

	Network World: CSIRT groups take on new roles
		CSIRTs also will need to have well-defined connections to outside groups, including specific contact information and previously established nondisclosure agreements with local and federal law enforcement, and computer forensics investigators, Hansen points out.
		Finally, organizations have to test their CSIRT plans before incidents occur to make sure that everyone who might be called into action understands their roles.
		Every CSIRT is special: identify what your company's core business processes and systems are, what needs to be done to support and protect those, and how they can be quickly restored if need be.
	www.findarticles.com /p/articles/mi_qa3649/is_200501/ai_n9521470 (1234 words)

	Enterprise Systems \| Critical Response Teamwork (Site not responding. Last check: 2007-11-07)
		CSIRT members don't sit around waiting for their charges to be attacked; they provide proactive and preventative services as well.
		In addition to organization size, the size of the CSIRT will always be relative to the number of functions it fulfills—and, of course, the number of incidents and the extent with which they're dealt.
		In fact, if you ask members of your IT management staff what a CSIRT is and what it does, you may find out that they see a CSIRT as an outside force imposing its rules on their freedom of activity.
	www.esj.com /Columns/print.aspx?editorialsId=34 (2992 words)

	Pantek - Expert Linux and Open Source Services: : RFC #2350: Expectations for Computer Security Incident Response. N.
		CSIRT templates provide a standardized vehicle for delivering this information.
		While no recommendations are made as to what a CSIRT should adopt for its policy or procedures, different possibilities are outlined to give Brownlee & Guttman Best Current Practice [Page 7] RFC 2350 Expectations for Computer Security Incident Response June 1998 some examples.
		Depending on the objectives and services of a particular CSIRT, multiple forms may be used, for example a reporting form for a new vulnerability may be very different from the form used for reporting Brownlee & Guttman Best Current Practice [Page 16] RFC 2350 Expectations for Computer Security Incident Response June 1998 incidents.
	www.pantek.com /library/general/rfc/rfc2350.html (9785 words)

	RFC 2350 - Expectations for Computer Security Incident Response (Site not responding. Last check: 2007-11-07)
		While no recommendations are made as to what a CSIRT should adopt for its policy or procedures, different possibilities are outlined to give Brownlee and Guttman Best Current Practice [Page 7] RFC 2350 Expectations for Computer Security Incident Response June 1998 some examples.
		Brownlee and Guttman Best Current Practice [Page 9] RFC 2350 Expectations for Computer Security Incident Response June 1998 3.3 Charter Every CSIRT must have a charter which specifies what it is to do, and the authority under which it will do it.
		Depending on the objectives and services of a particular CSIRT, multiple forms may be used, for example a reporting form for a new vulnerability may be very different from the form used for reporting Brownlee and Guttman Best Current Practice [Page 16] RFC 2350 Expectations for Computer Security Incident Response June 1998 incidents.
	www.packetizer.com /rfc/rfc.cgi?num=2350 (9774 words)

	RFC 2350 (Site not responding. Last check: 2007-11-07)
		A CSIRT may be approached by the press for information and comment from time to time.
		Depending on the objectives and services of a particular CSIRT, multiple forms may be used, for example a reporting form for a new vulnerability may be very different from the form used for reporting
		Based on two of the definitions given above, a CSIRT is a team that coordinates and supports the response to security incidents that involve sites within a defined constituency.
	library.n0i.net /rfc/html/rfc2350.html (9261 words)

	Zvon - RFC 2350 [Expectations for Computer Security Incident Response] - Scope
		Each user who has access to a Computer Security Incident Response Team should know as much as possible about the services of and interactions with this team long before he or she actually needs them.
		It is foreseen that completed CSIRT templates will soon become searchable by modern search engines, which will aid in distributing information about the existence of CSIRTs and basic information required to approach them.
		In some cases a CSIRT may be able to operate effectively on its own and in close cooperation with its constituency.
	www.zvon.org /tmRFC/RFC2350/Output/chapter2.html (1270 words)

	eCSIRT.net
		Between July 2002 and December 2003 a number of established CSIRTs from the Europen CSIRT community received funding through the 5th Framework to run a trial project.
		The "eCSIRT.net - European CSIRT Network" was funded by the Commission of the European Community as IST-2001-37558.
		The volunteers that continue to provide this service are especially thankful for all project partners and liaisions that made the project a success and a great learning experience for all involved.
	www.ecsirt.net (491 words)

	Creating a Computer Security Incident Response Team
		This course provides a high level overview of the key issues and decisions that must be addressed in establishing a CSIRT.
		The course is composed of lectures and class exercises.
		Participants will learn the requirements for establishing an effective CSIRT, the various organizational models for a CSIRT, and the variety and level of services that can be provided by a CSIRT.
	www.sei.cmu.edu /products/courses/cert/creating-csirt.html (425 words)

	CERT Coordination Center: Training and Education: CSIRT development
		The faster an organization recognizes, analyzes, and responds to an incident, the better it can limit damage and lessen recovery costs.
		Establishing a computer security incident response team (CSIRT) is a great way to provide this rapid response capability as well as help prevent future incidents.
		Defining Incident Management Processes for CSIRTs: A Work in Progress (pdf)
	www.cert.org /csirts (203 words)

Try your search on: Qwika (all wikis)