Expectations for Computer Security Incident Response (RFC2350)

IP.com Disclosure Number: IPCOM000002920D
Original Publication Date: 1998-Jun-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 31 page(s) / 80K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

N. Brownlee: AUTHOR [+2]

Abstract

The purpose of this document is to express the general Internet community's expectations of Computer Security Incident Response Teams (CSIRTs). It is not possible to define a set of requirements that would be appropriate for all teams, but it is possible and helpful to list and describe the general set of topics and issues which are of concern and interest to constituent communities.

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 3% of the total text.

Network Working Group                                        N. Brownlee
Request for Comments: 2350                    The University of Auckland
BCP: 21                                                       E. Guttman
Category: Best Current Practice                         Sun Microsystems
                                                               June 1998

Expectations for Computer Security Incident Response

Status of this Memo

This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

Abstract

The purpose of this document is to express the general Internet community's expectations of Computer Security Incident Response Teams (CSIRTs). It is not possible to define a set of requirements that would be appropriate for all teams, but it is possible and helpful to list and describe the general set of topics and issues which are of concern and interest to constituent communities.

CSIRT constituents have a legitimate need and right to fully understand the policies and procedures of 'their' Computer Security Incident Response Team. One way to support this understanding is to supply detailed information which users may consider, in the form of a formal template completed by the CSIRT. An outline of such a template and a filled in example are provided.

Table of Contents

1 Introduction
2 Scope
  2.1 Publishing CSIRT Policies and Procedures
  2.2 Relationships between different CSIRTs
  2.3 Establishing Secure Communications
3 Information, Policies and Procedures
  3.1 Obtaining the Document
  3.2 Contact Information
  3.3 Charter
    3.3.1 Mission Statement
    3.3.2 Constituency
    3.3.3 Sponsoring Organization / Affiliation
    3.3.4 Authority
  3.4 Policies
    3.4.1 Types of Incidents and Level of Support
    3.4.2 Co-operation, Interaction and Disclosure of Inf...