Thursday, October 21, 2010

Security Incident Response Team: CSIRT: Getting Started

Action List for Developing a Computer Security Incident Response Team (CSIRT)
  1. Identify stakeholders and participants.
  2. Obtain management support and sponsorship.
  3. Develop a CSIRT project plan.
  4. Gather information.
  5. Identify the CSIRT constituency.
  6. Define the CSIRT mission.
  7. Secure funding for CSIRT operations.
  8. Decide on the range and level of services the CSIRT will offer.
  9. Determine the CSIRT reporting structure, authority, and organizational model.
  10. Identify required resources such as staff, equipment, and infrastructure.
  11. Define interactions and interfaces.
  12. Define roles, responsibilities, and the corresponding authority.
  13. Document the workflow.
  14. Develop policies and corresponding procedures.
  15. Create an implementation plan and solicit feedback.
  16. Announce the CSIRT when it becomes operational.
  17. Define methods for evaluating the performance of the CSIRT.
  18. Have a backup plan for every element of the CSIRT.
  19. Be flexible.
