Sunday, October 17, 2010

Resources for Building Incident Response Teams

Recently a colleague asked me for resources for building incident response teams. I promised I would provide a few ideas, so I thought a blog post might be helpful. I figured some of you might want to add comments with links or thoughts.

  • The CSIRT Development site is probably the best place to start. From there you can find free documents, links to classes offered by SEI on building CIRTs, and so on. I don't think you can beat that site!

  • I don't think the resources at the FIRST site are as helpful, but the process of working toward membership is a great exercise for a new CIRT.

  • My TaoSecurity books page lists several books which CIRTs will likely find helpful.

What other resources would you suggest for someone building a CIRT? Please leave out the standard information security sites. Thank you.


Mike A. said...

There are also a few resources over at ENISA:

Might be worth a look. :)

RGJ said...

I own, and I am looking for someone who might be interested in partnering with me to make it a useful site.

Anonymous said...

The ENISA site has a link to TERENA TF-CSIRT who facilitate training workshops for CSIRT teams in Europe. ENISA also link to the Trusted Introducer Scheme which helps CSIRTs get in touch with each other in a trusted way. Both are run by enthusiastic people with huge CSIRT experience who can put you in touch with loads more.

Anonymous said...

TERENA also organized a training (not teaching) course about how to build a CSIRT. The documentation can also be used for CSIRTs outside Europe (last week there was one in Lima, Peru).

mikko said...

Simple answer is: hire hackers not boomers from unis