Stepping out of the Shadow

2021 ◽  
pp. 296-313
Author(s):  
Nicole van der Meulen

After the discovery of the Morris Worm in November 1988, the first Computer Emergency Response Team (CERT) was established. During the following years, other CERTs or Computer Security Incident Response Teams (CSIRTs) were established in different parts of the globe. Now, three decades later, CSIRTs have become an integral part of the cyber security ecosystem. This chapter aims to provide an insight into the evolution of CSIRTs by describing their historical background, their different types and services, as well as the challenges they are encountering as the topic of cyber security becomes more pertinent and political.

2019 ◽  
pp. 70-73

FORMATION OF A COMPUTER SECURITY INCIDENT RESPONSE TEAM IN THE NATIONAL UNIVERSITY OF ENGINEERING CSIRT-UNI
Erik J. Borda Castillo, Cristhian Pacheco Castillo
DOI: https://doi.org/10.33017/RevECIPeru2004.0020/
ABSTRACT The present work proposes the formation of a Computer Security Incident Response Team in the National University of Engineering, which should respond effectively and in a timely manner to certain computer security incidents at our university and in some sectors of society. This initiative, called CSIRT-UNI, also seeks to actively promote and form part of the Peruvian coordination center for computer security emergency response, called PERUCERT/CC.
Keywords: CSIRT, CERT, Incident Handling, Computer Security.


2014 ◽  
Vol 12 (5) ◽  
pp. 16-26 ◽  
Author(s):  
Robin Ruefle ◽  
Audrey Dorofee ◽  
David Mundie ◽  
Allen D. Householder ◽  
Michael Murray ◽  
...  

Computers ◽  
2021 ◽  
Vol 10 (8) ◽  
pp. 102
Author(s):  
William Villegas-Ch. ◽  
Ivan Ortiz-Garces ◽  
Santiago Sánchez-Viteri

Currently, society is going through a health event with devastating results. In their desire to control the 2019 coronavirus disease, large organizations have turned over the execution of their activities to the use of information technology. These tools, adapted to the use of the Internet, have been presented as an effective solution to the measures implemented by the majority of nations where quarantines are generalized. However, the solution given by information technologies has several disadvantages that must be solved. The most important of these is the serious security incidents that exist, in which many organizations have been compromised and their data has been exposed. As a solution, this work proposes the design of a guide that allows for the implementation of a computer incident response team on a university campus. Universities are optimal environments for the generation of new technologies; they also serve as the ideal test bed for the generation of security policies and new treatments for incidents in an organization. In addition, with the implementation of the computer incident response team in a university, it is proposed that the team be part of a response group for any security incident at the national level.


Author(s):  
Megan Nyre-Yu ◽  
Robert S. Gutzwiller ◽  
Barrett S. Caldwell

Cyber security increasingly focuses on the challenges faced by network defenders. Cultural and security-driven sentiments about external observation, as well as publication concerns, limit the ability of researchers to understand the context surrounding incident response. Context awareness is crucial to inform design and engineering. Furthermore, these perspectives can be heavily influenced by the targeted sector or industry of the research. Together, a lack of broad contextual understanding may be biasing approaches to improving operations, and driving faulty assumptions in cyber teams. A qualitative field study was conducted in three computer security incident response teams (CSIRTs) and included perspectives of government, academia, and private sector teams. Themes emerged and provide insights across multiple aspects of incident response, including information sharing, organization, learning, and automation. The need to focus on vertical integration of issues at different levels of the incident response system is also discussed. Future research will build upon these results, using them to inform technology advancement in CSIR settings.


Author(s):  
Marthie Grobler ◽  
Pierre Jacobs ◽  
Brett van Niekerk

With the continuing evolution of cyber threats, it is only a matter of time before an organisation will suffer a major breach or there is an incident of national significance. This necessitates monitoring to detect possible incidents and mechanisms to respond and recover from breaches. This chapter provides an overview of structures to aid in threat detection and incident recovery. Security Operation Centres (SOCs), Computer Security Incident Response Teams (CSIRTs), and Security Intelligence Centres (SICs) will be covered, and the differences, benefits and limitations will be discussed. Guidance for the implementation of these security capabilities within organisations will be provided.


2018 ◽  
pp. 953-976
Author(s):  
Marthie Grobler ◽  
Pierre Jacobs ◽  
Brett van Niekerk

With the continuing evolution of cyber threats, it is only a matter of time before an organisation will suffer a major breach or there is an incident of national significance. This necessitates monitoring to detect possible incidents and mechanisms to respond and recover from breaches. This chapter provides an overview of structures to aid in threat detection and incident recovery. Security Operation Centres (SOCs), Computer Security Incident Response Teams (CSIRTs), and Security Intelligence Centres (SICs) will be covered, and the differences, benefits and limitations will be discussed. Guidance for the implementation of these security capabilities within organisations will be provided.


Author(s):  
John William Walker

This article introduces the importance of process during the investigation and acquisition phases of logical/physical artifacts which may be required during the course of such professional engagement. The article then focuses on the necessity of having a robust supportive framework in a state of preparedness to provide First Responders and the CSIRT (Computer Security Incident Response Team) with the necessary underpinning to support such investigative engagements – considering effective and pragmatic Policies, Case Management, operational Security Protocols (Run-Books) and all other necessary attributes to underpin a professional, prepared posture from which a team may effectively and robustly engage an investigation/incident. To elaborate on the importance of such an approach, we outline a number of real-world cases where ineffective processes and controls were applied. Finally, we review the essential elements of securely managing case-related data, and the absolute need to apply security mechanisms such as Certified Standards of FIPS-140-2 encryption to secure sensitive case-related assets, to assure they are robustly protected at all stages of their life cycle, whether they are in physical transit or at rest on a desk-bound PC. The end objective of the entire article is to stress an absolute need to apply process, as far as is practicable, to achieve positive conclusions from any investigation or incident which has been engaged.


Author(s):  
Islahuddin Jalal ◽  
Maryati Mohd Yusof ◽  
Zarina Shukur ◽  
Mohd. Rosmadi Mokhtar
