CERT has published a checklist style document which provides a high-level overview of actions to take and topics to address when planning and implementing a computer security incident response team (CSIRT).

The checklist covers the following topics:

* Identify stakeholders and participants
* Obtain management support and sponsorship
* Develop a CSIRT project plan
* Gather information
* Identify the CSIRT constituency
* Define the CSIRT mission
* Secure funding for CSIRT operations
* Decide on the range and level of services the CSIRT will offer
* Determine the CSIRT reporting structure, authority, and organizational model
* Identify required resources such as staff, equipment, and infrastructure
* Define interactions and interfaces
* Define roles, responsibilities, and the corresponding authority
* Document the workflow
* Develop policies and corresponding procedures
* Create an implementation plan and solicit feedback
* Announce the CSIRT when it becomes operational
* Define methods for evaluating the performance of the CSIRT
* Have a backup plan for every element of the CSIRT
* Be flexible.

Read the document.

•Date: 27th October 2006• Region: World •Type: Article •Topic: ISM
Rate this article or make a comment - click here