Handbook for Computer Security Incident Response Teams (CSIRTs)

Abstract

This document provides guidance on the generic issues to consider when forming and operating a computer security incident response team (CSIRT). In particular, it helps an organization to define and document the nature and scope of a computer security incident response (CSIR) service, which is the core service of a CSIRT. The document discusses the functions that make up the service; how those functions interrelate; and the tools, procedures, and roles necessary to implement the service. This document also describes how CSIRTs interact with other organizations and how to handle often sensitive information. In addition, operational and technical issues are addressed, such as equipment, security, and staffing considerations. This document is intended to provide a valuable resource to both newly forming teams and existing teams whose services, policies, and procedures are not clearly defined or documented. The primary audience for this document consists of managers responsible for the creation or operation of a CSIRT or a CSIR service. It can also be used as a reference for all CSIRT staff, higher-level managers, and others who interact with a CSIRT.

Document Details

Document Type
Technical Report
Publication Date
Dec 01, 1998
Accession Number
ADA358945

Entities

People

  • Don Stikvoort
  • Klaus-Peter Kossakowski
  • Moira West-Brown

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies
  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Application Protocols
  • Communication Channels
  • Computer Crime
  • Computer Network Security
  • Computer Programming
  • Computer Programs
  • Computers
  • Cybersecurity
  • Electronic Mail
  • Information Exchange
  • Information Systems
  • Intellectual Property
  • Network Protocols
  • Network Science
  • Online Communications
  • Organizational Structure
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Military Logistics and Supply Chain Management
  • Organizational Process Management (OPM)

Technology Areas

  • Cyber