The key focus of this presentation will be to provide a consultant/implementer perspective on assisting a global organization in developing a Computer Security Incident Response Team (CSIRT). A CSIRT is a service organization that is responsible for receiving, reviewing, and responding to computer security incident reports and activity. Its services are usually performed for a defined constituency, which could be a parent entity such as a corporate, governmental, or educational organization. Given today's threat landscape, global organizations should consider having an internal or external CSIRT as a fundamental security requirement.
Join Herman Errico to understand the approach that BSI developed to build a CSIRT for a global organization. The presentation will analyse the insights gained from concept development through to the achievement of formal CSIRT status recognition. The presenter will focus on business requirements, key challenges, lessons learnt and final results.
During the presentation the following topics will be discussed:
- CSIRT introduction, benefits and objectives;
- Mission, vision and strategy of a CSIRT;
- Constituency and place in the organization;
- CSIRT Services;
- Team model; and
- Policy and procedures.
CSIRT accreditation and certification steps and objectives:
- Carnegie Mellon (qualification process);
- FIRST (membership process);
- Trusted Introducer (listing, accreditation and certification); and
- ENISA (inventory of CSIRTs and CSIRT Network membership).
How to assess incident management capability using:
- the Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC);
- the Incident Management Capability Assessment; and
- the Security Incident Management Maturity Model (SIM3).
How to develop an Incident management improvement plan;
Incident management people, process and technologies:
- CSIRT team structure;
- CSIRT team processes for delivering reactive, proactive and security quality management services; and
- CSIRT team technology for ticketing, incident management and threat intelligence (MISP and STIX/TAXII), and Security Orchestration, Automation and Response (SOAR).
Herman Errico is an information security consultant, currently working in Dublin with BSI Cyber Security and Information Resilience. He has both a technical and a governance background, which allows him to support clients from multiple perspectives. Standards, technical documents and service line development are his main interests, together with a strong passion for research and client relationship management.