Computer Security Incident Response Team Development and Evolution

2014 ◽  
Vol 12 (5) ◽  
pp. 16-26 ◽  
Author(s):  
Robin Ruefle ◽  
Audrey Dorofee ◽  
David Mundie ◽  
Allen D. Householder ◽  
Michael Murray ◽  
...  
Keyword(s):  
Computer Security ◽  
Team Development ◽  
Incident Response ◽  
Security Incident ◽  
Response Team ◽  
Development And Evolution

scholarly journals Proposal for an Implementation Guide for a Computer Security Incident Response Team on a University Campus

Computers ◽  
2021 ◽  
Vol 10 (8) ◽  
pp. 102
Author(s):  
William Villegas-Ch. ◽  
Ivan Ortiz-Garces ◽  
Santiago Sánchez-Viteri
Keyword(s):  
Computer Security ◽  
Information Technologies ◽  
New Technologies ◽  
National Level ◽  
Incident Response ◽  
University Campus ◽  
Test Bed ◽  
Security Incident ◽  
Response Team ◽  
New Treatments

Currently, society is going through a health event with devastating results. In their desire to control the 2019 coronavirus disease, large organizations have turned over the execution of their activities to the use of information technology. These tools, adapted to the use of the Internet, have been presented as an effective solution to the measures implemented by the majority of nations where quarantines are generalized. However, the solution given by information technologies has several disadvantages that must be solved. The most important in this regard is with the serious security incidents that exist, where many organizations have been compromised and their data has been exposed. As a solution, this work proposes the design of a guide that allows for the implementation of a computer incident response team on a university campus. Universities are optimal environments for the generation of new technologies; they also serve as the ideal test bed for the generation of security policies and new treatments for incidents in an organization. In addition, with the implementation of the computer incident response team in a university, it is proposed to be part of a response group to any security incident at the national level.

Stepping out of the Shadow

2021 ◽  
pp. 296-313
Author(s):  
Nicole van der Meulen
Keyword(s):  
Computer Security ◽  
Emergency Response ◽  
Cyber Security ◽  
Historical Background ◽  
Incident Response ◽  
Security Incident ◽  
Different Types ◽  
Response Team ◽  
Insight Into ◽  
Different Parts

After the discovery of the Morris Worm in November 1988, the first Computer Emergency Response Team (CERT) was established. During the following years, other CERTs or Computer Security Incident Response Teams (CSIRTs) were established in different parts of the globe. Now, three decades later, CSIRTs have become an integral part of the cyber security ecosystem. This chapter aims to provide an insight into the evolution of CSIRTs by describing their historical background, their different types and services, as well as the challenges they are encountering as the topic of cyber security becomes more pertinent and political.

scholarly journals The Importance of the Three P's in the Investigation

2021 ◽  
Vol 1 (1-3) ◽  
pp. 42-46
Author(s):  
John William Walker
Keyword(s):  
Life Cycle ◽  
Case Management ◽  
Computer Security ◽  
Real World ◽  
Security Protocols ◽  
Essential Elements ◽  
Incident Response ◽  
Security Incident ◽  
Related Data ◽  
Response Team

This article introduces the importance of process during the investigation and the acquisition phases of logical/physical artifacts which may be required during the course of such professional engagement. The article then focuses on the necessity to have a robust supportive framework in a state of preparedness to facilitate the First Responders and CSIRT (Computer Security Incident Response Team) with the necessary underpin to support such investigative engagements – considering effective and pragmatic Policies, Case Management, operational Security Protocols (Run-Books) and all other necessary attributes to underpin a professional, prepared posture from which a team may effectively, and robustly engage an investigation/incident. To elaborate on the importance of such an approach, we outline a number of real-world cases where ineffective processes and controls were applied. Finally, we review the essential elements of securely managing case-related data, and the absolute need to apply security mechanisms such as Certified Standards of FIPS-140-2 encryption to secure sensitive case related assets to assure they are robustly protected at all stages of their life cycle when they are in physical transit, or when they are at rest, associated with a desk-bound PC. The end objective to the entire article is to stress an absolute need to apply process to, as far as is practicable, to achieve positive conclusions from any investigation or incident which has been engaged.

scholarly journals FORMACIÓN DE UN COMPUTER SECURITY INCIDENT RESPONSE TEAM EN LA UNIVERSIDAD NACIONAL DE INGENIERIA CSIRT-UNI

2019 ◽  
pp. 70-73
Keyword(s):  
Computer Security ◽  
Emergency Response ◽  
Incident Response ◽  
Security Incident ◽  
Coordination Center ◽  
National University ◽  
Response Team

FORMACIÓN DE UN COMPUTER SECURITY INCIDENT RESPONSE TEAM EN LA UNIVERSIDAD NACIONAL DE INGENIERIA CSIRT-UNI FORMATION OF A COMPUTER SECURITY INCIDENT RESPONSE TEAM IN THE NATIONAL UNIVERSITY OF ENGINEERING CSIRT-UNI Erik J. Borda Castillo, Cristhian Pacheco Castillo DOI: https://doi.org/10.33017/RevECIPeru2004.0020/ RESUMEN El presente trabajo consiste en proponer la formación de un Equipo de Respuestas a Incidentes de Seguridad Informática en la Universidad Nacional de Ingeniería, que debiera responder de manera efectiva y oportuna a determinados incidentes de seguridad informática de nuestra universidad y algunos sectores de la sociedad. Asimismo, esta iniciativa denominada CSIRT-UNI busca impulsar activamente y formar parte del Centro de Coordinación Peruano de Respuesta a Emergencias de Seguridad Informática denominado PERUCERT/CC. Palabras claves: CSIRT, CERT, Manejo de Incidentes, Seguridad Informática. ABSTRACT The present work consists of proposing the formation of a Computer Security Incident Response Team in the National University of Engineering, which had to respond of effective and opportune way to determined incident of computer security of our university and some sectors of the society. Also, this denominated initiative CSIRT-UNI looks for to impel actively and to comprise of the Peruvian’s Coordination Center / Computer Emergency Response Team denominated PERUCERT/CC. Keywords: CSIRT, CERT, Incidents Handling, Computer Security.

scholarly journals Aplicación de Inteligencia de Negocios para el análisis de vulnerabilidades en pro de incrementar el nivel de seguridad en un CSIRT académico

2018 ◽  
Vol 27 (47) ◽  
Author(s):  
Francisco Xavier Reyes-Mena ◽  
Walter Marcelo Fuertes-Díaz ◽  
Carlos Enrique Guzmán-Jaramillo ◽  
Ernesto Pérez-Estévez ◽  
Paúl Fernando Bernal-Barzallo ◽  
...  
Keyword(s):  
Computer Security ◽  
Business Intelligence ◽  
Security Level ◽  
Incident Response ◽  
Security Incident ◽  
Software Application ◽  
Strategic Factor ◽  
Detection Analysis ◽  
Response Team ◽  
Exclusive Or

This study aimed at designing a potential solution through Business Intelligence for acquiring data and information from a wide variety of sources and utilizing them in the decision-making of the vulnerability analysis of an Academic CSIRT (Computer Security Incident Response Team). This study was developed in a CSIRT that gathers a variety of Ecuadorian universities. We applied the Action-Research methodology with a qualitative approach, divided into three phases: First, we qualitatively evaluated two intrusion detection analysis tools (Passive Scanner and Snort) to verify their advantages and their ability to be exclusive or complementary; simultaneously, these tools recorded the real-time logs of the incidents in a MySQL related database. Second, we applied the Ralph Kimball's methodology to develop several routines that allowed applying the "Extract, Transform, and Load" process of the non-normalized logs that were subsequently processed by a graphical user interface. Third, we built a software application using Scrum to connect the obtained logs to the Pentaho BI tool, and thus, generate early alerts as a strategic factor. The results demonstrate the functionality of the designed solution, which generates early alerts, and consequently, increases the security level of the CSIRT members.

An Organizational Psychology Perspective to Examining Computer Security Incident Response Teams

2014 ◽  
Vol 12 (5) ◽  
pp. 61-67 ◽  
Author(s):  
Tiffani R. Chen ◽  
Daniel B. Shore ◽  
Stephen J. Zaccaro ◽  
Reeshad S. Dalal ◽  
Lois E. Tetrick ◽  
...  
Keyword(s):  
Computer Security ◽  
Organizational Psychology ◽  
Incident Response ◽  
Security Incident ◽  
Psychology Perspective

DSS for computer security incident response applying CBR and collaborative response

2010 ◽  
Vol 37 (1) ◽  
pp. 852-870 ◽  
Author(s):  
Huy Kang Kim ◽  
Kwang Hyuk Im ◽  
Sang Chan Park
Keyword(s):  
Computer Security ◽  
Incident Response ◽  
Security Incident
Sign in / Sign up

Export Citation Format

Share Document