- Page 1:
State of the Practice of Computer S
- Page 4 and 5:
This report was prepared for the SE
- Page 6 and 7:
3.1.3 Total Registered CSIRTs......
- Page 8 and 9:
iv CMU/SEI-2003-TR-001
- Page 16 and 17:
This document provides a view of th
- Page 18 and 19:
• Katherine Fithen for her contin
- Page 22 and 23:
Although CSIRTs have been in existe
- Page 24 and 25:
ased on a sampling of CSIRTs done v
- Page 26 and 27:
future growth. It can also be used
- Page 28 and 29:
The participating CSIRTs also repre
- Page 32 and 33:
ole. This may include providing sec
- Page 34 and 35:
• Incident response is the action
- Page 36 and 37:
Model Coordinating CSIRT Descriptio
- Page 38 and 39:
After the worm had been successfull
- Page 40 and 41:
2.3.2 The Creation of FIRST In Augu
- Page 42 and 43:
Up until this point, only one or tw
- Page 44 and 45:
the other teams. Again, the communi
- Page 46 and 47:
into a course for new incident hand
- Page 48 and 49:
These early teams have become leade
- Page 50 and 51:
2.3.5 Initiatives in Latin America
- Page 52 and 53:
stituency is the research network a
- Page 54 and 55:
In September 2003, the U.S. Departm
- Page 58 and 59:
• There is not one entity for reg
- Page 60 and 61:
Table 4 combines the total number o
- Page 62 and 63:
In looking at the growth of teams e
- Page 64 and 65:
Table 6: North American and Europea
- Page 66 and 67:
3.1.5 Other Trends Other trends we
- Page 68 and 69:
Figure 10: Example of Team Sponsors
- Page 70 and 71:
service providers, or nation states
- Page 72 and 73:
their web pages. This may also be t
- Page 74 and 75:
A CSIRT, due to its position, may a
- Page 76 and 77:
Malaysia Computer Emergency Respons
- Page 78 and 79:
data collection, the use of analysi
- Page 80 and 81:
Dittrich goes on to say that a big
- Page 84 and 85:
Making the case to management to ga
- Page 86 and 87:
• Security quality management ser
- Page 88 and 89:
• perform artifact analysis (66%)
- Page 90 and 91:
• Distributed dedicated CSIRTs: 1
- Page 92 and 93:
Not surprisingly, in the majority o
- Page 94 and 95:
tended team is formed by temporaril
- Page 96 and 97:
• audit and risk management speci
- Page 98 and 99:
As the field of incident handling a
- Page 100 and 101:
promote “higher education in info
- Page 102 and 103:
3.7.1 Defining Computer Security In
- Page 104 and 105:
3.7.1.1 Security Incident Taxonomy
- Page 106 and 107:
• identifying the staff and neces
- Page 108 and 109:
Other flow diagrams and charts have
- Page 110 and 111:
• Rule #1: Don’t Panic! • Rul
- Page 112 and 113:
3.7.5.1 Data Fields Many CSIRTs hav
- Page 114 and 115:
formats for exchanging incident dat
- Page 116 and 117:
Level/Priority Low Type of Incident
- Page 118 and 119:
priority), yellow (cautionary alert
- Page 120 and 121:
way, the combined and coordination
- Page 122 and 123:
Whoever does this work must not onl
- Page 124 and 125:
• staff misuse of company system
- Page 126 and 127:
Effective teams will have a plan in
- Page 128 and 129:
• 83% of the education CSIRTs sha
- Page 130 and 131:
Figure 14: Attack Sophistication Ve
- Page 132 and 133:
service managers or customers. Such
- Page 134 and 135:
As the volume of incident and vulne
- Page 136 and 137:
enabling better cooperation and ass
- Page 138 and 139:
3.9.2 United States Cyber Crime Law
- Page 140 and 141:
3.10.1.2 Trusted Introducer for CSI
- Page 142 and 143:
3.10.1.5 Asia Pacific Computer Emer
- Page 144 and 145:
For more information see: http://ce
- Page 146 and 147:
3.10.3.3 Distributed Intrusion Dete
- Page 148 and 149:
3.10.5 Research CSIRTs and security
- Page 150 and 151:
3.12 Resources 3.12.1 Case Study Ex
- Page 154 and 155:
standards for incident handling met
- Page 156 and 157:
• management support and trust fr
- Page 158 and 159:
We are seeking opportunities to col
- Page 162 and 163:
3. If yes, who is that constituency
- Page 164 and 165:
. __ Distributed dedicated team (te
- Page 166 and 167:
e. __ answering hotline/help desk c
- Page 168 and 169:
26. What are your business hours? _
- Page 170 and 171:
e. __ Audit or Risk Management Depa
- Page 172 and 173:
Type and Title of Publication Autho
- Page 174 and 175:
Type and Title of Publication Autho
- Page 178 and 179:
Seminars include Intrusion Detectio
- Page 180 and 181:
TRANSITS Training Workshop http://w
- Page 182 and 183:
Certification Organizations Current
- Page 186 and 187:
Article 10 - Offences related to in
- Page 188 and 189:
accessing legal implications coordi
- Page 190 and 191:
http://thomas.loc.gov/ Bills, Publi
- Page 192 and 193:
18 U.S.C. § 1832 - Theft of trade
- Page 194 and 195:
http://frwebgate.access.gpo.gov/cgi
- Page 196 and 197:
SecurityFocus Online - Library Comp
- Page 198 and 199:
U.S. House of Representatives - Off
- Page 200 and 201:
CERT Coordination Center The CERT/C
- Page 202 and 203:
CIO/FBI/USSS These are the CIO Cybe
- Page 204 and 205:
CIO CYBERTHREAT RESPONSE & REPORTIN
- Page 206 and 207:
asic information that is included i
- Page 208 and 209:
Department of Justice Computer Crim
- Page 210 and 211:
FBI & USSS FIELD OFFICES TELEPHONE/
- Page 212 and 213:
FBI & USSS FIELD OFFICES TELEPHONE/
- Page 214 and 215:
CONTRIBUTORS INDUSTRY Peter Allor M
- Page 228 and 229:
Nebraska Information Technology Com
- Page 230 and 231:
Nebraska Information Technology Com
- Page 232 and 233:
Nebraska Information Technology Com
- Page 234 and 235:
Nebraska Information Technology Com
- Page 237 and 238:
COMPUTER INCIDENT REPORTING SHORT F
- Page 239 and 240:
3. Has your agency experienced this
- Page 241 and 242:
a. System(s) disconnected from the
- Page 243 and 244:
6. (Optional) Updates to policies a
- Page 245 and 246:
COMPUTER SECURITY INCIDENT HANDLING
- Page 247 and 248:
COMPUTER SECURITY INCIDENT HANDLING
- Page 249 and 250:
COMPUTER SECURITY INCIDENT HANDLING
- Page 251 and 252:
COMPUTER SECURITY INCIDENT HANDLING
- Page 253:
Steele The Information Assurance Te
- Page 256 and 257:
Network Incident Report United Stat
- Page 258 and 259:
Details for Probes and Scans Appare
- Page 260 and 261:
Details for Unauthorized Access (co
- Page 262:
Van Wyk and Forno In their book Inc
- Page 267 and 268:
Bibliography All URLs are valid as
- Page 269 and 270:
[Caloyannides 01] Caloyannides, Mic
- Page 271 and 272:
[Ferreira 96] Ferreira, Joao Nuno;
- Page 273 and 274:
[Kossakowski 00] Kossakowski, Klaus
- Page 275 and 276:
[Scalet 02] Scalet, Sarah. “Risk:
- Page 277 and 278:
[van Wyk 01] van Wyk, Kenneth R. &
- Page 279 and 280:
Index @stake, 157 abnormal network
- Page 281 and 282:
CIO, 84, 92 CIRC, 13 CIRT, 13 CISSP
- Page 283 and 284:
internal, 14, 92 internal centraliz
- Page 285 and 286:
incident handling, 84 reporting, 92
- Page 287 and 288:
security, 56, 124 support staff, 73
- Page 289 and 290:
incoming information, 74 priority s
- Page 291 and 292:
survey, xii, 5, 49, 52, 55, 67, 71,
- Page 293:
REPORT DOCUMENTATION PAGE Form Appr