for Computer Security Incident Response Teams (CSIRTs) - CERT/CC
This document provides guidance on forming and operating a computer
security incident response team (CSIRT). It details the functions
that make up the CSIRT, how to handle sensitive information and
the tools, procedures, and roles necessary to implement the program.
In addition, operational and technical issues are covered, such
as equipment, security, and staffing considerations.
Phases of Incident Handling - Texas A&M University
Computer security incident handling can be divided into six phases:
preparation, identification, containment, eradication, recovery,
and follow-up. Understanding these stages, and what can go wrong
in each, facilitates responding more methodically and avoids duplication
Case Classification (Example for enterprise CSIRT) - FIRST
This document provides the guidelines needed for CSIRT Incident
Managers (IM) to classify the case category, criticality level,
and sensitivity level for each CSIRT case. This information will
be entered into the Incident Tracking System (ITS) when a case
is created. Consistent case classification is required for the
CSIRT to provide accurate reporting to management on a regular
basis. In addition, the classifications will provide CSIRT IMs
with proper case handling procedures and will form the basis of
SLAs between the CSIRT and other Company departments.