№1, 2011

Yadigar N. Imamverdiyev

Incident response is an important aspect of information security management. This paper describes the methodology used to create the AZ-CERT team for the AzScienceNet scientific computer network. It reviews the standards and methodological literature on incident management, justifies the choice of organizational structure and the set of services offered by AZ-CERT, and proposes a model for building a CERT team in stages. The general incident response process for the AzScienceNet network and the technical infrastructure of AZ-CERT are also described. (pp. 15-26)

Keywords: information security, information security incident, incident response, computer emergency response team.
  • West-Brown M.J., Stikvoort D., Kossakowski K.P. Handbook for Computer Security Incident Response Teams (CSIRTs). Report CMU/SEI-98-HB-001. Carnegie Mellon University / Software Engineering Institute, 1998, 222 p.
  • Killcrece G., Kossakowski K.P., Ruefle R., Zajicek M. State of the Practice of Computer Security Incident Response Teams (CSIRTs). Technical Report No. IA-233. Carnegie Mellon University / Software Engineering Institute, 2003, 291 p.
  • ISO/IEC TR 18044:2004. Information technology – Security techniques – Information security incident management. 2004, 50 p.
  • Alberts C., Dorofee A., Ruefle R., Killcrece G., Zajicek M. Defining Incident Management Processes for CSIRTs: A Work in Progress. Technical Report CMU/SEI-2004-TR-015. Carnegie Mellon University / Software Engineering Institute, 2004, 249 p.
  • NIST Special Publication 800-61. Computer Security Incident Handling Guide. National Institute of Standards and Technology, January 2004, 148 p.
  • Northcutt S. Computer Security Incident Handling: Step-by-Step (Version 2.3.1). SANS Institute, 2003, 76 p.
  • ENISA. A Step-by-Step Approach on How to Set up a CSIRT. 2007, 86 p. http://www.enisa.europa.eu/act/cert/support/guide
  • ENISA. Clearinghouse of Incident Handling Tools (CHIHT). http://www.enisa.europa.eu/act/cert/support/chiht
  • Killcrece G. Steps for Creating National CSIRTs. Carnegie Mellon University / Software Engineering Institute, 2004, 26 p. http://www.cert.org/archive/pdf/NationalCSIRTs.pdf
  • Imamverdiyev Y.N. A stage-by-stage approach to creating a national CERT // Proceedings of the Republican Scientific Conference "Issues of Applying Mathematics and New Information Technologies", Sumgayit, 26–27 November 2007, pp. 252–254 (in Azerbaijani).
  • Grobler M., Bryk H. Common challenges faced during the establishment of a CSIRT // Information Security for South Africa (ISSA 2010), 2–4 August 2010, Sandton, Johannesburg, pp. 1–6.
  • Killcrece G., Kossakowski K.P., Ruefle R., Zajicek M. Organizational Models for Computer Security Incident Response Teams (CSIRTs). Report CMU/SEI-2003-HB-001. Carnegie Mellon University / Software Engineering Institute, 2003, 158 p.
  • Van Wyk K., Forno R. Incident Response. NY: O'Reilly, 2001, 240 p.
  • Mitropoulos S., Patsos D., Douligeris C. On incident handling and response: a state-of-the-art approach // Computers & Security, vol. 25, no. 5, 2006, pp. 351–370.
  • Brownlee N., Guttman E. Expectations for Computer Security Incident Response. RFC 2350, BCP 21, 1998, 38 p.
  • Penedo D. Technical infrastructure of a CSIRT // International Conference on Internet Surveillance and Protection (ICISP '06), 26–28 August 2006, Côte d'Azur, France, pp. 27–35.
  • Ruefle R., Rajnovic D. FIRST Site Visit Requirements and Assessment, version 1.0, April 2006, 22 p. http://www.first.org/membership/site-visit-V1.0.pdf
  • RTIR: Request Tracker for Incident Response. http://www.bestpractical.com/rtir/
  • Kácha P. OTRS: Tool for Security Incident Reports Management. Technical report 12/20074. Praha: CESNET, 2007, 13 p. http://www.cesnet.cz/doc/techzpravy/2007/otrs/