Incident Management and General CSIRT Resources
The following publications, written by our colleagues in the international community, address topics such as incident response and CSIRTS.
Identifying a Shared Mental Model Among Incident Responders – IEEE Computer Society paper
In this paper, the authors explore how effective communication might be improved by the development of a mental model internalized by the group's technical staff prior to an incident.
TF-CSIRT: General Information for IRTs/CERTs – Trans-European Research and Education Networking Association (TERENA) website
This site contains useful information and documents for IRTs/CERTs and describes how to establish new and operate existing IRT/CERT and other related information.
- a collection of CERT and system security information
- tools and software for intrusion detection and system security
Student Experiences in a Functioning CERT – AusCERT presentations and papers
Periodically, AusCERT opens its doors to students from institutions far and wide who seek to augment their education with experience in a functioning CERT. Papers and presentations are published as the direct result of their experience.
Submitted Articles on Security Topics – Symantic Connect/SecurityFocus articles
These articles by security researchers are written about topics of interest to the security community.
Update to the Handbook of Legal Procedures of Computer and Network Misuse in EU Countries for assisting CSIRTs (2005) – RAND Europe report
This update to the 2003 handbook, provides a guide matching technical descriptions of incidents to the legal framework of the country in question and which also provides detailed procedures for working with law enforcement to respond to incidents
FIRST Site Visit Requirements and Assessment – FIRST.org document
This best practice list of requirements can be used in building or benchmarking a team.