Organizational Models for Computer Security Incident Response Teams (CSIRTs)
暂无分享,去创建一个
Abstract : When a computer security attack on an organization occurs, an intrusion is recognized, or some other kind of computer security incident occurs, it is critical for the organization to have a fast and effective means of responding. One method of addressing this need is to establish a formal incident response capability or a Computer Security Incident Response Team (CSIRT). When an incident occurs, the goal of the CSIRT is to control and minimize any damage, preserve evidence, provide quick and efficient recovery, prevent similar future events, and gain insight into threats against the organization. This handbook describes different organizational models for implementing incident handling capabilities, including each model's advantages and disadvantages and the kinds of incident management services that best fit with it. An earlier SEI publication, the Handbook for Computer Security Incident Response Teams (CSIRTs) (CMU/SEI-2003-HB-002), provided the baselines for establishing incident response capabilities. This new handbook builds on that coverage by enabling organizations to compare and evaluate CSIRT models. Based on this review they can then identify a model for implementation that addresses their needs and requirements.
[1] Robin M. Ruefle,et al. State of the Practice of Computer Security Incident Response Teams (CSIRTs) , 2003 .
[2] Robin M. Ruefle,et al. Handbook for Computer Security Incident Response Teams (CSIRTs) , 2003 .