• Executive backing
• CSIRT personnel
• Education
• Training
• Awareness
• Experience
• Policies
• Standards
• Guidelines
• Procedures
• Internal communications
• External communications
• Operating charter
• Contingency plans
Effective CSIRT Operations
• IA infrastructure (i.e. FW, AV, IDS, log mgmt)
• Security controls & monitoring
• Communications infrastructure (i.e. voice & data)
Figure 8.9 Effective CSIRT operations.
8.10.3 Practice
CSIRT procedures fall within the respond quartile of the IA operations cycle of
anticipate, defend, monitor, and respond. Figure 8.10 provides details of an
incident response taxonomy.
8.10.4 Best Practices
Best practices for CSIRT can be found in Carnegie Mellon University's Handbook
for Computer Security Incident Response Teams (CSIRTs), NIST SP 800-18: Guide
for Developing Security Plans for Information Technology, and Forum of Incident
Response and Security Teams (FIRST) Best Practice Library.
8.10.5 IA² Perspective
The CSIRT is an IA service in the IA² LoS; CSIRT operations include:
• Threat monitoring and analysis
• Validation and risk assessment
• Vulnerability management
• Alert receipt, remediation accountability, and reporting
• Patch management
• Security information internal dissemination