References

Documents

TI Working Documents

  • RFC-2350 - Expectations for Computer Security Incident Response
    Internationally established fill-out form for CERTs to basically state who they are and who they serve, when and how they can be reached, what their services are and how they handle and disclose information with due care. Filling out and publishing RFC-2350 is a MUST for TI Accredited CERTs since May 2009.
  • IS TLP - Information Sharing Traffic Light Protocol
    Started in the community of governmental and national CERTs, this highly pragmatic set of rules for information sharing was adopted as the de facto standard by the European security and incident response community in 2009. Honouring it is now a MUST for TI Accredited teams.
  • CCoP - CSIRT Code of Practice
    This Code of Practice for CERTs and security teams was adopted by the TI Accredited CERTs as a recommendation in 2005. This is a first step towards making professional ethics explicit in the TI community, and as such a step in increasing a team's maturity.
  • SIM3 - Security Incident Management Maturity Model
    This Model was developed in support of measuring the maturity of a security or incident response team in terms of four areas: organisation, human issues, tools and processes. It is used in support of the TI Certification framework.

 

IRT Object

  • RIPE-254: IRT Object in the RIPE Database
    This is the original document that describes the IRT object and related functionality in the RIPE Database. It is superseded now, but still essentially correct, and gives a good background view.
  • RIPE IRT Object Technical How-To Guide
    A very good technical guide concentrating especially on the registration of INETNUM objects.

  • IRT Object FAQ
    Explains how to use the IRT object and how to refer to a CERT in records of IP address ranges, using the IRT object.

 

Other Relevant Documents

  • The CSIRT Handbook
    A structured "handbook" approach towards CERT organisation and services. Written in 1998 by West-Brown, Kossakowski and Stikvoort, revised in 2003 - still valid and useful, and the only one of its kind. Useful for all types of incident handling CERTs.
  • RFC 2196 - Site Security Handbook
    The well-known Site Security Handbook contains a chapter on incident handling. The content focuses on handling of incidents "on site". It is also a valuable resource for system administrators who wonder what to do in case of an incident.
  • Responding to Intrusions
    This CMU/SEI Security Improvement Module concentrates on the overall perspective of responding to incidents - from the perspective of a local (victim) site. It describes the various steps in planning - policies and technical preparation - and operations - coordination, communication, analysis, evidence collection, documentation, containment and recovery. Also very useful for system administrators who plan ahead.

 


Last updated: 10 Sep 2011 

Copyright © 2000-2011 by PRESECURE (DE)