The association promotes and supports information
sharing and cooperation among CSIRTs in Japan. Computer security
incidents should lead to mutual cooperation to limit system damage,
to nationwide early warning announcements, and to joint drills to
execute defensive measures. The association also holds workshops and
events to support companies to set up new CSIRTs, and offers suggestions
to them on improving security.
"CSIRT Starter Kit" describes the issues that should be carefully addressed and matters that should be defined when creating a computer security incident response team (CSIRT). It also refers to the procedures that should be followed when formulating a plan for incident response in an organization and aims to serve as a general guide for creating a CSIRT.
Japanese companies tend to increase investment in human resources such
as setting up security management divisions and deploying security
administrators as there is an increase in cyber attacks and damage
caused by internal crimes. This tendency is also evident in the rapid
growth in the number of member teams at the Nippon CSIRT Association.
However, much is talked about the “lack of security personnel” without
any clarification on what needs to be done by CSIRTs, how to secure the
necessary human resources, and how to train the resources acquired.
This document unravels the chaotic issues and summarizes the roles
required for CSIRT as well as training and skills of human resources
necessary to fulfill the roles. Also, it broadly categorizes the
enterprise into three models and explains which roles could be
insourced/outsourced for each model, as a reference.
CSIRT Human Resources Sub-Working Group will continue to hold
discussions and make revisions using the feedback received from many
people involved in CSIRT activities.
It is much appreciated if this document can be of any help towards the activities of newly established CSIRTs in Japan.
CSIRTs in the association cooperate with other members to solve mutual challenges. Members can form a working group with any other member and/or participate in any number of groups.
Challenges are identified and analyzed through discussions by members of the CSIRT Association and outside organizations that are considering to form their own CSIRTs. Also,materials are compiled to provide solutions.
Information about computer security threats are shared with other CSIRTs in the spirit of close cooperation and mutual trust.
Useful data is compiled for the support and improvement of existing teams and for the creation of new CSIRTs in Japan, by providing and coordinating information such as the purpose, position, authority, number of team members, budget, etc., of each CSIRT.
For each security incident, guidelines are formulated to include the investigation of response techniques and forensics analysis techniques, as well as response procedures, that adapt to security incident trends in Japan.
The issue of how to utilize incident related information (to share, exchange, and disclose)within the framework of the association is considered.
Honeynet Project is an organization of a community for security engineers around the world. They promote to develop honeypot software on several projects and provide critical security information through intelligence report such as “Know Your Enemy”.
© Nippon CSIRT Association. All Rights Reserved.