FIRST Releases Updated Computer Security Incident Response Team (CSIRT) Services Framework

The Forum of Incident Response and Security Teams (FIRST) has released an updated version of its Computer Security Incident Response Team (CSIRT) Services Framework.

The new framework was developed by recognized experts from the FIRST community with strong support from the Task Force CSIRT (TF-CSIRT) Community, and the International Telecommunications Union (ITU). The mission and purpose of the CSIRT Services Framework is to facilitate the establishment and improvement of CSIRT operations, especially in supporting teams that are in the process of choosing, expanding, or improving their service portfolio. Version 2.1 is available now to member organizations worldwide on the FIRST website.

Version 2.1 is an improved version of the second version of the CSIRT Services Framework that was developed last year and was revised, restructured and expanded after receiving important feedback from a number of expert members. Version 2.1 provides, for the first time, a consistent framework by identifying and defining core categories of services and their sub-components, says a press release.. The Framework will provide the basis of further work that will include examples of good practice, as well as desired knowledge, skills, and abilities in a CSIRT.

In-depth knowledge and long-term cybersecurity experience, as well as capability and capacity were vital to the development of the new update said Prof. Dr. Klaus-Peter Kossakowski, who was the key driver behind version 2.1: “We benefited greatly from the CSIRT Development team of the CERT Program at the Software Engineering Institute at CMU where I had worked in the past as a visiting scientist on many related projects. These same projects provided the baseline for the recent update, which was truly needed to define standards and provide the means to significantly increase the maturity of computer security incident response teams.”

Prof. Dr. Klaus-Peter Kossakowski (HAW Hamburg) won FIRST’s annual The Incident Response Hall of Fame award in 2019. Kossakowski was recognized for making significant contributions to the development and advancement of global security. As a long-term veteran in the cyber security community and past chair of FIRST, Prof. Dr. Klaus-Peter Kossakowski has considerably helped to raise the awareness for Computer Emergency Response Teams (CERTs) concentrating on international issues, information sharing and coordinated cooperation, as well as establishing an international infrastructure for Cyber Defense.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.