Our IT security team: a guide for CSIRTs

Bethany Reid
Monday 16 December 2019

The St Andrews CSIRT (Computer Security Incident Response Team) is here to respond to security incidents where there is an electronic element.

Those incidents could take many forms. Some examples are DoS attacks, attempts to gain unauthorised access or major virus outbreaks.

They also give advice on how projects can fulfill IT security requirements and can provide guidance when selecting a technical solution. Visit the Research Technology Service for more details.


How do I contact St Andrews CSIRT?

There is a dedicated email address, [email protected]; the team also provides a GPG key in case you need to encrypt sensitive data.

For general information, please contact the IT Service Desk.


RFC 2350

As a Computer Security Incident Response Team, they are expected by the internet community to follow best practice. This includes providing contact details and templates for their incident responses. These were originally set out by the Guidelines and Recommendations for Security Incident Processing Working Group and can be read online.


Standard Categories for Incident Response

St Andrews CSIRT uses the “Standard Categories for Incident Response” to define cyber security incidents.

Other institutes are free to use these definitions. It is felt that the more places that use defined standards, the more we can share information (as we are “speaking about the same things”).

From 2018, the standard has been split into two parts:

Definitions: These are the definitions for each of the incident categories. Teams can use these definitions for their internal reporting.

Joint Metrics: If a team uses the standard categories, they are welcome to submit the data for comparison with other teams. This document explains how to go about this.

In addition to the standards, we have made our standard category playbooks and TheHive templates available for other organisations to use and adapt. A playbook and a template are available for each of the incident categories.

Please get in touch if you have any questions about the standard: [email protected]
