- Page 1:
State of the Practice of Computer S
- Page 4 and 5:
This report was prepared for the SE
- Page 6 and 7:
3.1.3 Total Registered CSIRTs......
- Page 8 and 9:
iv CMU/SEI-2003-TR-001
- Page 10 and 11:
vi CMU/SEI-2003-TR-001
- Page 12 and 13:
viii CMU/SEI-2003-TR-001
- Page 14 and 15:
x CMU/SEI-2003-TR-001
- Page 16 and 17:
This document provides a view of th
- Page 18 and 19:
• Katherine Fithen for her contin
- Page 20 and 21:
xvi CMU/SEI-2003-TR-001
- Page 22 and 23:
Although CSIRTs have been in existe
- Page 24 and 25:
ased on a sampling of CSIRTs done v
- Page 26 and 27:
future growth. It can also be used
- Page 28 and 29:
The participating CSIRTs also repre
- Page 30 and 31:
10 CMU/SEI-2003-TR-001
- Page 32 and 33:
ole. This may include providing sec
- Page 34 and 35:
• Incident response is the action
- Page 36 and 37:
Model Coordinating CSIRT Descriptio
- Page 38 and 39:
After the worm had been successfull
- Page 40 and 41:
2.3.2 The Creation of FIRST In Augu
- Page 42 and 43:
Up until this point, only one or tw
- Page 44 and 45:
the other teams. Again, the communi
- Page 46 and 47:
into a course for new incident hand
- Page 48 and 49:
These early teams have become leade
- Page 50 and 51:
2.3.5 Initiatives in Latin America
- Page 52 and 53:
stituency is the research network a
- Page 54 and 55:
In September 2003, the U.S. Departm
- Page 56 and 57:
36 CMU/SEI-2003-TR-001
- Page 58 and 59:
• There is not one entity for reg
- Page 60 and 61:
Table 4 combines the total number o
- Page 62 and 63:
In looking at the growth of teams e
- Page 64 and 65:
Table 6: North American and Europea
- Page 66 and 67:
3.1.5 Other Trends Other trends we
- Page 68 and 69:
Figure 10: Example of Team Sponsors
- Page 70 and 71:
service providers, or nation states
- Page 72 and 73:
their web pages. This may also be t
- Page 74 and 75:
A CSIRT, due to its position, may a
- Page 76 and 77:
Malaysia Computer Emergency Respons
- Page 78 and 79:
data collection, the use of analysi
- Page 80 and 81:
Dittrich goes on to say that a big
- Page 82 and 83:
• insider abuse of internal compu
- Page 84 and 85:
Making the case to management to ga
- Page 86 and 87:
• Security quality management ser
- Page 88 and 89:
• perform artifact analysis (66%)
- Page 90 and 91:
• Distributed dedicated CSIRTs: 1
- Page 92 and 93:
Not surprisingly, in the majority o
- Page 94 and 95:
tended team is formed by temporaril
- Page 96 and 97:
• audit and risk management speci
- Page 98 and 99:
As the field of incident handling a
- Page 100 and 101:
promote “higher education in info
- Page 102 and 103:
3.7.1 Defining Computer Security In
- Page 104 and 105:
3.7.1.1 Security Incident Taxonomy
- Page 106 and 107:
• identifying the staff and neces
- Page 108 and 109:
Other flow diagrams and charts have
- Page 110 and 111:
• Rule #1: Don’t Panic! • Rul
- Page 112 and 113:
3.7.5.1 Data Fields Many CSIRTs hav
- Page 114 and 115:
formats for exchanging incident dat
- Page 116 and 117:
Level/Priority Low Type of Incident
- Page 118 and 119:
priority), yellow (cautionary alert
- Page 120 and 121:
way, the combined and coordination
- Page 122 and 123:
Whoever does this work must not onl
- Page 124 and 125:
• staff misuse of company system
- Page 126 and 127:
Effective teams will have a plan in
- Page 128 and 129:
• 83% of the education CSIRTs sha
- Page 130 and 131:
Figure 14: Attack Sophistication Ve
- Page 132 and 133:
service managers or customers. Such
- Page 134 and 135:
As the volume of incident and vulne
- Page 136 and 137:
enabling better cooperation and ass
- Page 138 and 139:
3.9.2 United States Cyber Crime Law
- Page 140 and 141:
3.10.1.2 Trusted Introducer for CSI
- Page 142 and 143:
3.10.1.5 Asia Pacific Computer Emer
- Page 144 and 145:
For more information see: http://ce
- Page 146 and 147:
3.10.3.3 Distributed Intrusion Dete
- Page 148 and 149:
3.10.5 Research CSIRTs and security
- Page 150 and 151:
3.12 Resources 3.12.1 Case Study Ex
- Page 152 and 153:
132 CMU/SEI-2003-TR-001
- Page 154 and 155:
standards for incident handling met
- Page 156 and 157:
• management support and trust fr
- Page 158 and 159:
We are seeking opportunities to col
- Page 160 and 161:
140 CMU/SEI-2003-TR-001
- Page 162 and 163:
3. If yes, who is that constituency
- Page 164 and 165:
. __ Distributed dedicated team (te
- Page 166 and 167:
e. __ answering hotline/help desk c
- Page 168 and 169:
26. What are your business hours? _
- Page 170 and 171:
e. __ Audit or Risk Management Depa
- Page 172 and 173:
Type and Title of Publication Autho
- Page 174 and 175:
Type and Title of Publication Autho
- Page 176 and 177:
156 CMU/SEI-2003-TR-001
- Page 178 and 179:
Seminars include Intrusion Detectio
- Page 180 and 181:
TRANSITS Training Workshop http://w
- Page 182 and 183:
Certification Organizations Current
- Page 184 and 185:
164 CMU/SEI-2003-TR-001
- Page 186 and 187:
Article 10 - Offences related to in
- Page 188 and 189:
accessing legal implications coordi
- Page 190 and 191:
http://thomas.loc.gov/ Bills, Publi
- Page 192 and 193:
18 U.S.C. § 1832 - Theft of trade
- Page 194 and 195:
http://frwebgate.access.gpo.gov/cgi
- Page 196 and 197:
SecurityFocus Online - Library Comp
- Page 198 and 199:
U.S. House of Representatives - Off
- Page 200 and 201:
CERT Coordination Center The CERT/C
- Page 202 and 203:
CIO/FBI/USSS These are the CIO Cybe
- Page 204 and 205:
CIO CYBERTHREAT RESPONSE & REPORTIN
- Page 206 and 207:
asic information that is included i
- Page 208 and 209:
Department of Justice Computer Crim
- Page 210 and 211:
FBI & USSS FIELD OFFICES TELEPHONE/
- Page 212 and 213:
FBI & USSS FIELD OFFICES TELEPHONE/
- Page 214 and 215:
CONTRIBUTORS INDUSTRY Peter Allor M
- Page 228 and 229:
Nebraska Information Technology Com
- Page 230 and 231:
Nebraska Information Technology Com
- Page 232 and 233:
Nebraska Information Technology Com
- Page 234 and 235:
Nebraska Information Technology Com
- Page 237 and 238:
COMPUTER INCIDENT REPORTING SHORT F
- Page 239:
3. Has your agency experienced this
- Page 243 and 244:
6. (Optional) Updates to policies a
- Page 245 and 246:
COMPUTER SECURITY INCIDENT HANDLING
- Page 247 and 248:
COMPUTER SECURITY INCIDENT HANDLING
- Page 249 and 250:
COMPUTER SECURITY INCIDENT HANDLING
- Page 251 and 252:
COMPUTER SECURITY INCIDENT HANDLING
- Page 253:
Steele The Information Assurance Te
- Page 256 and 257:
Network Incident Report United Stat
- Page 258 and 259:
Details for Probes and Scans Appare
- Page 260 and 261:
Details for Unauthorized Access (co
- Page 262:
Van Wyk and Forno In their book Inc
- Page 267 and 268:
Bibliography All URLs are valid as
- Page 269 and 270:
[Caloyannides 01] Caloyannides, Mic
- Page 271 and 272:
[Ferreira 96] Ferreira, Joao Nuno;
- Page 273 and 274:
[Kossakowski 00] Kossakowski, Klaus
- Page 275 and 276:
[Scalet 02] Scalet, Sarah. “Risk:
- Page 277 and 278:
[van Wyk 01] van Wyk, Kenneth R. &
- Page 279 and 280:
Index @stake, 157 abnormal network
- Page 281 and 282:
CIO, 84, 92 CIRC, 13 CIRT, 13 CISSP
- Page 283 and 284:
internal, 14, 92 internal centraliz
- Page 285 and 286:
incident handling, 84 reporting, 92
- Page 287 and 288:
security, 56, 124 support staff, 73
- Page 289 and 290:
incoming information, 74 priority s
- Page 291 and 292:
survey, xii, 5, 49, 52, 55, 67, 71,
- Page 293:
REPORT DOCUMENTATION PAGE Form Appr