Operating and Staffing a CSIRT

The resources on this page address practical operational and technical issues that every CSIRT must consider. Contact us if you have questions or need more information.

Handbook for Computer Security Incident Response Teams (CSIRTs)
This 2003 document provides guidance on forming and operating a CSIRT and helps an organization define and document the nature and scope of a computer security incident handling service, which is the core service of a CSIRT.

CSIRT Services
This document lists CSIRT services with their definitions and provides a common framework for a consistent and comparable description of CSIRTs and their corresponding services.

State of the Practice of Computer Security Incident Response Teams
This document is a compendium of our understanding of the CSIRT state of the practice.

Incident Management Capability Metrics
This SEI technical report presents metrics to provide a baseline or benchmark of incident management practices.

Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC)
The Mission Risk Diagnostic for Incident Management Capabilities revises the Incident Management Mission Diagnostic Method with updated and expanded drivers.

Avoiding the Trial-by-Fire Approach to Security Incidents
This report assists organizations in establishing computer security incident response capabilities and handling incidents efficiently and effectively.

Site Security Handbook (RFC 2196) – Internet Engineering Task Force/Network Working Group memo
This handbook offers information about developing computer security policies and procedures for sites that have systems on the internet.

The SANS Security Policy Project – SANS website
These resources provide information about the rapid development and implementation of information security policies.

The Role of Computer Security Incident Response Teams in the Software Development Life Cycle – Build Security In website
This BSI document discusses the role a CSIRT can play in the Systems Development Life Cycle (SDLC).

Incident Response Career Trends – GovInfoSecurity article
This document provides information about the skills needed today in incident response and describes how professionals can attain or refine those skills.

Learn How to Create a CSIRT

Creating a Computer Security Incident Response Team is a one-day course that describes the key issues and decisions that managers and project leaders must address when establishing a CSIRT.