RFC 2350 (rfc2350) - Page 1 of 38


Expectations for Computer Security Incident Response



Alternative Format: Original Text Document



Network Working Group                                       N. Brownlee
Request for Comments: 2350                   The University of Auckland
BCP: 21                                                      E. Guttman
Category: Best Current Practice                        Sun Microsystems
                                                              June 1998


          Expectations for Computer Security Incident Response

Status of this Memo

   This document specifies an Internet Best Current Practices for the
   Internet Community, and requests discussion and suggestions for
   improvements.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1998).  All Rights Reserved.

Abstract

   The purpose of this document is to express the general Internet
   community's expectations of Computer Security Incident Response Teams
   (CSIRTs). It is not possible to define a set of requirements that
   would be appropriate for all teams, but it is possible and helpful to
   list and describe the general set of topics and issues which are of
   concern and interest to constituent communities.

   CSIRT constituents have a legitimate need and right to fully
   understand the policies and procedures of 'their' Computer Security
   Incident Response Team.  One way to support this understanding is to
   supply detailed information which users may consider, in the form of
   a formal template completed by the CSIRT.  An outline of such a
   template and a filled in example are provided.

Table of Contents

   1 Introduction ....................................................2
   2 Scope............................................................4
     2.1 Publishing CSIRT Policies and Procedures ....................4
     2.2 Relationships between different CSIRTs ......................5
     2.3 Establishing Secure Communications ..........................6
   3 Information, Policies and Procedures.............................7
     3.1 Obtaining the Document.......................................8
     3.2 Contact Information .........................................9
     3.3 Charter ....................................................10
         3.3.1 Mission Statement.....................................10
         3.3.2 Constituency..........................................10



Brownlee & Guttman       Best Current Practice