Security Incident Response Team: CSIRT: Getting Start
Action List for Developing a Computer Security Incident Response Team (CSIRT)
- Identify stakeholders1 and participants.
- Obtain management support and sponsorship.
- Develop a CSIRT project plan.
- Gather information.
- Identify the CSIRT constituency.
- Define the CSIRT mission.
- Secure funding for CSIRT operations.
- Decide on the range and level of services the CSIRT will offer.
- Determine the CSIRT reporting structure, authority, and organizational model.
- Identify required resources such as staff, equipment, and infrastructure.
- Define interactions and interfaces.
- Define roles, responsibilities, and the corresponding authority.
- Document the workflow.
- Develop policies and corresponding procedures.
- Create an implementation plan and solicit feedback.
- Announce the CSIRT when it becomes operational.
- Define methods for evaluating the performance of the CSIRT.
- Have a backup plan for every element of the CSIRT.
- Be flexible.
No comments:
Post a Comment