CSIRT sites

Network World |

Check out these resources for setting up a computer security incident response team (CSIRT).

Check out these resources for setting up a computer security incident response team (CSIRT):

CERT Coordination Center at Carnegie Mellon Universitycsirt-info@cert.org

CERT has been studying CSIRTs since 1998 and has published reams of information on CSIRT development on their Web page. The site contains white papers, a CSIRT handbook published by CERT, and links to other CSIRT sites on the Web. You can e-mail CERT at:

FIRST: The Forum of Incident Response and Security Teams

FIRST was founded in 1990 in the wake of the first ever Internet worm, dubbed the Morris worm. The international group brings together security and CSIRT teams from across government, academia and the commercial sector to share information and cooperate in managing security incidents and promoting better security products and policies. FIRST's Web site has information on best practices for incident response teams, links to the group's bi-annual newsletter, FIRST Times, and instructions on joining the group.

CSIRTs in Europe and Asiathis list maintained by TERENA, the Trans-European Research and Education Networking Association. The site lists CSIRTs by country and provides links to CSIRT Web pages across Europe and Russia.

Coordination across borders is a key when responding to computer security incidents. For a list of CSIRTs in Europe, refer to 

For information on incident response teams in Asia, try the list maintained by the Asia Pacific Computer Emergency Response Team (APCERT).

ISO: The International Organization for Standardization

While they don't pertain specifically to CSIRTs, ISO standards such as ISO 17799 address many of the issues that are likely to be raised when establishing a CSIRT in your organization. Standards like ISO 17799 can give organizations a way to structure and manage enterprise security, with CSIRTs being one part of that structure, says Troy Smith at Marsh.

EDUCAUSE/Cornell Institute for Computer Policy and Law

Designed for the education community, this Web site offers a wide range of resources on drafting technology security and privacy policies.

Back to Management Strategies: "CSIRT groups take on new roles"

Next read this:

Related:

Paul Roberts is an experienced technology reporter and editor who writes about hacking, cyber threats and information technology security.

Copyright © 2005 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022