Cert/csirt

Networking/Security Forums -> Security Related Software

Author: georgec PostPosted: Thu May 19, 2011 7:51 pm    Post subject: Cert/csirt
    ----
What software do you recommend to handle incidents in CERT/CSIRT setups?

Author: Fire AntLocation: London PostPosted: Fri May 20, 2011 10:12 am    Post subject:
    ----
Hi George,

Having worked through getting ISO27001 certification for a financial institution I found its not about the software but about processes and procedures. The software is very dependent on your environment.

Fire Ant

Author: georgec PostPosted: Fri May 20, 2011 6:50 pm    Post subject:
    ----
Thanks Fire Ant,
It's true that processes and procedures are of utmost importance but my concern is that I might need to interface the system with other CERT's applications in the future!

Author: Fire AntLocation: London PostPosted: Sun May 22, 2011 4:08 pm    Post subject:
    ----
You should certainly have some procedures and guidelines in place when creating an incident response plan. This really does depend on your environment though. You may not need to specify any software, it could be as simple as stating that you will call a qualified forensic/investigative team. It depends how deep you want to go.

Good Luck,

Fire Ant

Author: georgec PostPosted: Tue May 24, 2011 9:14 am    Post subject:
    ----
Thanks for the feedback. Actually, I am working on a project that coordinates more than one CERT, like having a main point of contact for several CERTs where incidents can be escalated to other CERTs through this unit. Back to my original question: I would need a common incident handling software application that interfaces with the others, at the moment I am visiting each CERT to create a list of products used!



Networking/Security Forums -> Security Related Software


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group