How to form an Incident Response Team

This paper examines the role an IRT may play in the community, and the issues that should be addressed both during the formation and after commencement of operations. It may be of benefit to existing IRTs as it may raise awareness of issues not previously addressed.

• http://www.cert.org/csirts/csirt_faq.html
• http://www.cert.org/csirts/resources.html
• http://www.terena.nl/tech/task-forces/tf-csirt/irt-docs.html

RFC2350 Expectations for Computer Security Incident Response

The purpose of this document is to express the general Internet community's expectations of Computer Security Incident Response Teams (CSIRTs). It is not possible to define a set of requirements that would be appropriate for all teams, but it is possible and helpful to list and describe the general set of topics and issues which are of concern and interest to constituent communities.

• http://www.ietf.org/rfc/rfc2350.txt

RFC1244 Site Security Handbook by the Internet Engineering Task Force

This handbook is a guide to setting computer security policies and procedures for sites that have systems on the Internet. This guide lists issues and factors that a site must consider when setting their own policies. It makes some recommendations and gives discussions of relevant areas. This guide is only a framework for setting security policies and procedures. In order to have an effective set of policies and procedures, a site will have to make many decisions, gain agreement, and then communicate and implement the policies.

• http://www.ietf.org/rfc/rfc1244.txt

RFC1281 Guidelines for the Secure Operation of the Internet from the IETF

The purpose of this document is to provide a set of guidelines to aid in the secure operation of the Internet. This includes a sample of Network Security Policy from UEL and UNIX Security Checklist.

• http://www.ietf.org/rfc/rfc1281.txt