Handbook for Computer Security Incident Response Teams (CSIRTs) - CERT/CC (233 pages)
This document provides guidance on forming and operating a computer security incident response team (CSIRT). It details the functions that make up the CSIRT, how to handle sensitive information, and the tools, procedures, and roles necessary to implement the program. In addition, operational and technical issues are covered, such as equipment, security, and staffing considerations.
Phases of Incident Handling - Texas A&M University
Computer security incident handling can be divided into six phases: preparation, identification, containment, eradication, recovery, and follow-up. Understanding these stages, and what can go wrong in each, facilitates responding more methodically and avoids duplication of effort.
Recovering from an Incident - CERT/CC
If you believe that your site may have suffered a break-in or other type of incident, the CERT/CC has some documents that can help you.
CSIRT Case Classification (Example for enterprise CSIRT) - FIRST
This document provides the guidelines needed for CSIRT Incident Managers (IMs) to classify the case category, criticality level, and sensitivity level for each CSIRT case. This information will be entered into the Incident Tracking System (ITS) when a case is created. Consistent case classification is required for the CSIRT to provide accurate reporting to management on a regular basis. In addition, the classifications will provide CSIRT IMs with proper case handling procedures and will form the basis of SLAs between the CSIRT and other Company departments.