FIRST SIRT services v2
0 likes300 views
This document outlines a framework for security incident response team services, including incident management, analysis, information assurance, situational awareness, outreach/communications, and capability building. It details the specific sub-functions and processes within each of these high-level service areas. For example, incident management includes incident handling, analysis, and mitigation/recovery, with processes like incident validation, tracking, collection, coordination, and containment. Information assurance encompasses risk management, compliance management, and technical security support.
![Chat Application [Full Documentation]](https://cdn.slidesharecdn.com/ss_thumbnails/finaldoconchatapp-170418182505-thumbnail.jpg?width=560&fit=bounds)
More Related Content
Viewers also liked (8)
Similar to FIRST SIRT services v2 (20)
FIRST SIRT services v2
- 1. Services, Functions and Sub-functions 1 Incident Management 1.1 Incident Handling 1.1.1 Incident Validation and Classification 1.1.2 Incident Tracking 1.1.3 Information Collection 1.1.4 Coordination and reporting 1.1.5 Communication with news media 1.2 Incident Analysis 1.2.1 Impact Analysis 1.2.2 Mitigation Analysis 1.2.3 Recovery Analysis 1.3 Incident Mitigation and Recovery 1.3.1 Containment (self-spreading directed incidents) 1.3.2 Restore confidentiality, integrity, availability 2 Analysis 2.1 Artifact Analysis 2.1.1 Surface Analysis 2.1.2 Reverse Engineering 2.1.3 Run Time Analysis 2.1.4 Comparative Analysis 2.2 Media Analysis 2.3 Vulnerability / Exploitation Analysis 2.3.1 Technical (Malware) Vulnerability / Exploitation Path Analysis 2.3.2 Root Cause Analysis 2.3.3 Remediation Analysis 2.3.4 Mitigation Analysis 3 Information Assurance 3.1 Risk Management 3.1.1 Risk Assessment 3.1.1.1 Inventory of Critical Asset/Data 3.1.1.2 Standards Evaluation 3.1.1.3 Execute Assessment 3.1.1.4 Findings & Recommendations 3.1.1.5 Tracking 3.1.1.6 Testing 3.1.2 Risk Assessment Advice 3.2 Compliance Management 3.2.1 Manage Compliance Requirements/Standards 3.2.2 Compliance Assessment 3.3 Operating Policies Support 3.4 Business Continuity and Disaster Recovery Planning Support 3.5 Technical Security Support 3.6 Patch Management 6 Capability Building 6.1 Organizational Metrics 6.2 Training and Education 6.2.1 Knowledge, Skill, and Ability Requirements Gathering 6.2.2 Development of Educational and Training Materials 6.2.3 Delivery of Content 6.2.4 Mentoring 6.2.5 Professional Development 6.2.6 Skill Development 6.3 Conducting Exercises 6.3.1 Requirements Analysis 6.3.2 Format and Environment Development 6.3.3 Scenario Development 6.3.4 Executing Exercises 6.3.5 Exercise Outcome Review 6.4 Technical Advice 6.4.1 Infrastructure Design and Engineering 6.4.2 Infrastructure Procurement 6.4.3 Tools Evaluation 6.4.4 Infrastructure Resourcing 6.5 Lesson Learned Analysis 6.6 Development of Vulnerability Discovery/Analysis/ Remediation/Root Cause Analysis Methodologies 6.7 Development of processes for Gathering/Fusing/ Correlating Security Intelligence 6.8 Development of Tools 5 Outreach/Communications 5.1 Security Awareness Raising 5.2 Cybersecurity Strategic Policy Advisement 5.2.1 Function -Policy Consultancy 5.2.2 Legal Consultancy 5.3 Knowledge Sharing and Publications Dissemination 5.3.1 Public Service Announcements 5.3.2 Publication/Dissemination of Information 4 Situational Awareness 4.1 Sensor Operation 4.1.1 Requirements Analysis 4.1.2 Data Source Identification 4.1.3 Legitimizing Collection 4.1.4 Data Acquisition 4.1.5 Sensor Management 4.1.6 Results Management 4.2 Fusion and Correlation 4.2.1 Determine Fusion Algorithms 4.2.2 Fusion Analysis 4.3 Development and Curation of Security Intelligence 4.3.1 Source Identification and Inventory 4.3.2 Source Content Collection and Cataloging 4.3.3 Information sharing Forum of Incident Response and Security Teams, Inc. Security Incident Response Team (SIRT) Services Framework Version 2.0, 2016 10 12