Sunday, October 17, 2010

Resources for Building Incident Response Teams

Recently a colleague asked me for resources for building incident response teams. I promised I would provide a few ideas, so I thought a blog post might be helpful. I figured some of you might want to add comments with links or thoughts.

  • The CERT.org CSIRT Development site is probably the best place to start. From there you can find free documents, links to classes offered by SEI on building CIRTs, and so on. I don't think you can beat that site!

  • I don't think the resources at the FIRST site are as helpful, but the process of working toward membership is a great exercise for a new CIRT.

  • My TaoSecurity books page lists several books which CIRTs will likely find helpful.


What other resources would you suggest for someone building a CIRT? Please leave out the standard information security sites. Thank you.

5 comments:

Mike A. said...

There are also a few resources over at ENISA:

http://www.enisa.europa.eu/act/cert

Might be worth a look. :)

RGJ said...

I own ncident.com, and I am looking for someone who might be interested in partnering with me to make it a useful site.

Anonymous said...

The ENISA site has a link to TERENA TF-CSIRT http://www.terena.org/activities/tf-csirt/ who facilitate training workshops for CSIRT teams in Europe. ENISA also link to the Trusted Introducer Scheme http://www.trusted-introducer.org/ which helps CSIRTs get in touch with each other in a trusted way. Both are run by enthusiastic people with huge CSIRT experience who can put you in touch with loads more.

Anonymous said...

TERENA also organized a Training (not teaching) course about how to build a CSIRT, http://www.terena.org/activities/csirt-training/. The documentation can also be used for CSIRTs outside Europe (last week there was one in Lima, Peru).

mikko said...

Simple answer is: hire hackers not boomers from unis