TI Working Documents
- RFC-2350 - Expectations for Computer Security Incident Response
Internationally established fill-out form for CERTs to basically state who they are and who they serve, when and how they can be reached, what their services are and how they handle and disclose information with due care. Filling out and publishing RFC-2350 is a MUST for TI Accredited CERTs since May 2009.
- IS TLP - Information Sharing Traffic Light Protocol
Started in the community of governmental and national CERTs, this highly pragmatic set of rules for information sharing was adopted as the de facto standard by the European CERT community in 2009, and honouring it is now a MUST for TI Accredited CERTs.
- CCoP - CSIRT Code of Practice
This first version of a Code of Practice for CERTs was adopted by the TI Accredited CERTs as a recommendation in 2005. It is a first step towards making professional ethics explicit in the CERT community, and as such a step in increasing the maturity level of the community.
Other Relevant Documents
- The CSIRT Handbook
A structured "handbook" approach towards CERT organisation and services. Written in 1998 by West-Brown, Kossakowski and Stikvoort, revised in 2003 - still valid and useful, and the only one of its kind. Useful for all types of incident handling CERTs.
- RFC 2196 - Site Security Handbook
The well-known Site Security Handbook contains a chapter on incident handling. That chapter is tailored toward handling incidents "on site", but is worthwhile. It is also a valuable resource for system administrators who wonder what to do in case of an incident.
- Responding to Intrusions
This CMU/SEI Security Improvement Module concentrates on the overall perspective of responding to incidents - from the perspective of a local (victim) site. It describes the various steps in planning (policies and technical preparation) and operations (coordination, communication, analysis, evidence collection, documentation, containment and recovery). Also very useful for system administrators who plan ahead.