BRUSSELS Greece January 20, 2011
Recent reports of increased cyber attacks in 2010 have made the Agency's report on how to fight cyber attacks even more topical. The Good practice guide for incident management focuses on the incident handling process. Incident handling is the core service carried out by most CERTs. This involves the detection and registration of incidents, followed by so-called 'triage' (classifying, prioritising and assigning incidents), incident resolution, closing and post-analysis.
Other topics covered by the guide include:
- basics of a CERT,
- its mission, constituency and authority,
- organisational framework,
- roles within a CERT,
- workflows,
- internal policies,
- cooperation with external parties,
- outsourcing, and
- how to present the work to the management.
Europe Udo Helmbrecht
The Good practice guide for incident management is a follow-up to the ENISA CERT setting-up guide (http://www.enisa.europa.eu/act/cert/support/guide). This new guide supports ENISA's effort to reinforce the capabilities of national / governmental CERTs, the 'digital fire brigades', which are among the key players in critical information infrastructure protection (CIIP) at Member State level.
The target audience for the guide is the technical staff and management of governmental and other institutions operating a Computer Emergency Response Team (CERT) in order to protect IT infrastructure. Yet any group or team that handles information or network security incidents can benefit from following this guide.
Read the full report: http://www.enisa.europa.eu/act/cert/support/incident-management
SOURCE ENISA – European Network and Information Security Agency