Outline of activities of Nippon CSIRT Association

The association promotes and supports information sharing and cooperation among CSIRTs in Japan. Computer security incidents should lead to mutual cooperation to limit system damage,
to nationwide early warning announcements, and to joint drills to execute defensive measures. The association also holds workshops and events to support companies to set up new CSIRTs, and offers suggestions to them on improving security.

NCA Publications

CSIRT Starter Kit

"CSIRT Starter Kit" describes the issues that should be carefully addressed and matters that should be defined when creating a computer security incident response team (CSIRT). It also refers to the procedures that should be followed when formulating a plan for incident response in an organization and aims to serve as a general guide for creating a CSIRT.

Definition of Roles Required for CSIRT (Ver.1.5)

Japanese companies tend to increase investment in human resources such as setting up security management divisions and deploying security administrators as there is an increase in cyber attacks and damage caused by internal crimes. This tendency is also evident in the rapid growth in the number of member teams at the Nippon CSIRT Association. However, much is talked about the “lack of security personnel” without any clarification on what needs to be done by CSIRTs, how to secure the necessary human resources, and how to train the resources acquired.

This document unravels the chaotic issues and summarizes the roles required for CSIRT as well as training and skills of human resources necessary to fulfill the roles. Also, it broadly categorizes the enterprise into three models and explains which roles could be insourced/outsourced for each model, as a reference.

CSIRT Human Resources Sub-Working Group will continue to hold discussions and make revisions using the feedback received from many people involved in CSIRT activities.

It is much appreciated if this document can be of any help towards the activities of newly established CSIRTs in Japan.

About the working groups

CSIRTs in the association cooperate with other members to solve mutual challenges. Members can form a working group with any other member and/or participate in any number of groups.

Working group under activity (WG)

Working group for CSIRT challenges

Challenges are identified and analyzed through discussions by members of the CSIRT Association and outside organizations that are considering to form their own CSIRTs. Also,materials are compiled to provide solutions.

Working group for sharing threat information

Information about computer security threats are shared with other CSIRTs in the spirit of close cooperation and mutual trust.

Working group for CSIRT fact sheets

Useful data is compiled for the support and improvement of existing teams and for the creation of new CSIRTs in Japan, by providing and coordinating information such as the purpose, position, authority, number of team members, budget, etc., of each CSIRT.

Working group for technical investigation of incidents

For each security incident, guidelines are formulated to include the investigation of response techniques and forensics analysis techniques, as well as response procedures, that adapt to security incident trends in Japan.

Working group for the examination of framework for use of incident information

The issue of how to utilize incident related information (to share, exchange, and disclose)within the framework of the association is considered.

Working group for Honeynet Project Japan Chapter
Consider the establishment of Honeynet Project Japan Chapter.

Honeynet Project is an organization of a community for security engineers around the world. They promote to develop honeypot software on several projects and provide critical security information through intelligence report such as “Know Your Enemy”.