- Page 1:
State of the Practice of Computer S
- Page 4 and 5:
This report was prepared for the SE
- Page 6 and 7:
3.1.3 Total Registered CSIRTs......
- Page 8 and 9:
iv CMU/SEI-2003-TR-001
- Page 10 and 11:
vi CMU/SEI-2003-TR-001
- Page 12 and 13:
viii CMU/SEI-2003-TR-001
- Page 14 and 15:
x CMU/SEI-2003-TR-001
- Page 16 and 17:
This document provides a view of th
- Page 18 and 19:
• Katherine Fithen for her contin
- Page 20 and 21:
xvi CMU/SEI-2003-TR-001
- Page 22 and 23:
Although CSIRTs have been in existe
- Page 24 and 25:
ased on a sampling of CSIRTs done v
- Page 26 and 27:
future growth. It can also be used
- Page 28 and 29:
The participating CSIRTs also repre
- Page 30 and 31:
10 CMU/SEI-2003-TR-001
- Page 32 and 33:
ole. This may include providing sec
- Page 34 and 35:
• Incident response is the action
- Page 36 and 37:
Model Coordinating CSIRT Descriptio
- Page 38 and 39:
After the worm had been successfull
- Page 40 and 41:
2.3.2 The Creation of FIRST In Augu
- Page 42 and 43:
Up until this point, only one or tw
- Page 44 and 45:
the other teams. Again, the communi
- Page 46 and 47:
into a course for new incident hand
- Page 48 and 49:
These early teams have become leade
- Page 50 and 51:
2.3.5 Initiatives in Latin America
- Page 52 and 53:
stituency is the research network a
- Page 54 and 55:
In September 2003, the U.S. Departm
- Page 56 and 57:
36 CMU/SEI-2003-TR-001
- Page 58 and 59:
• There is not one entity for reg
- Page 60 and 61:
Table 4 combines the total number o
- Page 62 and 63:
In looking at the growth of teams e
- Page 64 and 65:
Table 6: North American and Europea
- Page 66 and 67:
3.1.5 Other Trends Other trends we
- Page 68 and 69:
Figure 10: Example of Team Sponsors
- Page 70 and 71:
service providers, or nation states
- Page 72 and 73:
their web pages. This may also be t
- Page 74 and 75:
A CSIRT, due to its position, may a
- Page 76 and 77:
Malaysia Computer Emergency Respons
- Page 78 and 79:
data collection, the use of analysi
- Page 80 and 81:
Dittrich goes on to say that a big
- Page 82 and 83:
• insider abuse of internal compu
- Page 84 and 85:
Making the case to management to ga
- Page 86 and 87:
• Security quality management ser
- Page 88 and 89:
• perform artifact analysis (66%)
- Page 90 and 91:
• Distributed dedicated CSIRTs: 1
- Page 92 and 93:
Not surprisingly, in the majority o
- Page 94 and 95:
tended team is formed by temporaril
- Page 96 and 97:
• audit and risk management speci
- Page 98 and 99:
As the field of incident handling a
- Page 100 and 101:
promote “higher education in info
- Page 102 and 103:
3.7.1 Defining Computer Security In
- Page 104 and 105:
3.7.1.1 Security Incident Taxonomy
- Page 106 and 107:
• identifying the staff and neces
- Page 108 and 109:
Other flow diagrams and charts have
- Page 110 and 111:
• Rule #1: Don’t Panic! • Rul
- Page 112 and 113:
3.7.5.1 Data Fields Many CSIRTs hav
- Page 114 and 115:
formats for exchanging incident dat
- Page 116 and 117:
Level/Priority Low Type of Incident
- Page 118 and 119:
priority), yellow (cautionary alert
- Page 120 and 121:
way, the combined and coordination
- Page 122 and 123:
Whoever does this work must not onl
- Page 124 and 125:
• staff misuse of company system
- Page 126 and 127:
Effective teams will have a plan in
- Page 128 and 129:
• 83% of the education CSIRTs sha
- Page 130 and 131:
Figure 14: Attack Sophistication Ve
- Page 132 and 133:
service managers or customers. Such
- Page 134 and 135:
As the volume of incident and vulne
- Page 136 and 137:
enabling better cooperation and ass
- Page 138 and 139:
3.9.2 United States Cyber Crime Law
- Page 140 and 141:
3.10.1.2 Trusted Introducer for CSI
- Page 142 and 143:
3.10.1.5 Asia Pacific Computer Emer
- Page 144 and 145:
For more information see: http://ce
- Page 146 and 147:
3.10.3.3 Distributed Intrusion Dete
- Page 148 and 149:
3.10.5 Research CSIRTs and security
- Page 150 and 151:
3.12 Resources 3.12.1 Case Study Ex
- Page 152 and 153:
132 CMU/SEI-2003-TR-001
- Page 154 and 155:
standards for incident handling met
- Page 156 and 157:
• management support and trust fr
- Page 158 and 159:
We are seeking opportunities to col
- Page 160 and 161:
140 CMU/SEI-2003-TR-001
- Page 162 and 163:
3. If yes, who is that constituency
- Page 164 and 165:
. __ Distributed dedicated team (te
- Page 166 and 167:
e. __ answering hotline/help desk c
- Page 168 and 169:
26. What are your business hours? _
- Page 170 and 171:
e. __ Audit or Risk Management Depa
- Page 172 and 173:
Type and Title of Publication Autho
- Page 174 and 175:
Type and Title of Publication Autho
- Page 176 and 177:
156 CMU/SEI-2003-TR-001
- Page 178 and 179:
Seminars include Intrusion Detectio
- Page 180 and 181:
TRANSITS Training Workshop http://w
- Page 182 and 183:
Certification Organizations Current
- Page 184 and 185:
164 CMU/SEI-2003-TR-001
- Page 186 and 187:
Article 10 - Offences related to in
- Page 188 and 189:
accessing legal implications coordi
- Page 190 and 191:
http://thomas.loc.gov/ Bills, Publi
- Page 192 and 193:
18 U.S.C. § 1832 - Theft of trade
- Page 194 and 195:
http://frwebgate.access.gpo.gov/cgi
- Page 196 and 197:
SecurityFocus Online - Library Comp
- Page 198 and 199:
U.S. House of Representatives - Off
- Page 200 and 201:
CERT Coordination Center The CERT/C
- Page 202 and 203:
CIO/FBI/USSS These are the CIO Cybe
- Page 204 and 205:
CIO CYBERTHREAT RESPONSE & REPORTIN
- Page 206 and 207:
asic information that is included i
- Page 208 and 209:
Department of Justice Computer Crim
- Page 210 and 211:
FBI & USSS FIELD OFFICES TELEPHONE/
- Page 212 and 213:
FBI & USSS FIELD OFFICES TELEPHONE/
- Page 214 and 215:
CONTRIBUTORS INDUSTRY Peter Allor M
- Page 228 and 229:
Nebraska Information Technology Com
- Page 230 and 231:
Nebraska Information Technology Com
- Page 232 and 233:
Nebraska Information Technology Com
- Page 234 and 235:
Nebraska Information Technology Com
- Page 237 and 238:
COMPUTER INCIDENT REPORTING SHORT F
- Page 239 and 240:
3. Has your agency experienced this
- Page 241 and 242:
a. System(s) disconnected from the
- Page 243 and 244:
6. (Optional) Updates to policies a
- Page 245 and 246:
COMPUTER SECURITY INCIDENT HANDLING
- Page 247 and 248:
COMPUTER SECURITY INCIDENT HANDLING
- Page 249 and 250:
COMPUTER SECURITY INCIDENT HANDLING
- Page 251 and 252:
COMPUTER SECURITY INCIDENT HANDLING
- Page 253:
Steele The Information Assurance Te
- Page 257 and 258:
Details for Malicious Code Apparent
- Page 259 and 260:
Details for Unauthorized Access App
- Page 261 and 262:
Details for Denial-of-Service Incid
- Page 266 and 267:
Other Incident Reporting Forms Sour
- Page 268 and 269:
[Arvidsson 03] Arvidsson, J., ed.
- Page 270 and 271:
[Curry 03] Curry, D. & Debar, H. In
- Page 272 and 273:
[Howard 98] Howard, John D. & Longs
- Page 274 and 275:
[OCIPEP 03] Office of Critical Infr
- Page 276 and 277:
[Steele 02] Steele, Gordon. “Info
- Page 278 and 279:
258 CMU/SEI-2003-TR-001
- Page 280 and 281:
CSIRT staff, 57, 60 of CSIRTs, 64 B
- Page 282 and 283:
incident, 58, 59, 62, 91 of CSIRTs,
- Page 284 and 285:
CSIRTs, 21, 22, 24, 25, 26, 27, 39,
- Page 286 and 287:
function, 66 in Asia Pacific region
- Page 288 and 289:
mission, 51, 74, 77, 84, 90, 93, 98
- Page 290 and 291:
sectors, 7, 16, 42, 46, 89, 99, 103
- Page 292 and 293:
TWCERT, 29 TW-CIRC, 29 types of inc