Resources for Building Incident Response Teams

Recently a colleague asked me for resources for building incident response teams. I promised I would provide a few ideas, so I thought a blog post might be helpful. I figured some of you might want to add comments with links or thoughts.

  • The CSIRT Development site is probably the best place to start. From there you can find free documents, links to classes offered by SEI on building CIRTs, and so on. I don't think you can beat that site!

  • I don't think the resources at the FIRST site are as helpful, but the process of working toward membership is a great exercise for a new CIRT.

  • My TaoSecurity books page lists several books which CIRTs will likely find helpful.

What other resources would you suggest for someone building a CIRT? Please leave out the standard information security sites. Thank you.


Mike A. said…
There are also a few resources over at ENISA:

Might be worth a look. :)
RGJ said…
I own, and I am looking for someone who might be interested in partnering with me to make it a useful site.
Anonymous said…
The ENISA site has a link to TERENA TF-CSIRT who facilitate training workshops for CSIRT teams in Europe. ENISA also link to the Trusted Introducer Scheme which helps CSIRTs get in touch with each other in a trusted way. Both are run by enthusiastic people with huge CSIRT experience who can put you in touch with loads more.
Anonymous said…
TERENA also organized a training (not teaching) course about how to build a CSIRT. The documentation can also be used for CSIRTs outside Europe (last week there was one in Lima, Peru).
mikko said…
Simple answer is: hire hackers not boomers from unis
