Setting up a Computer Security Incident Response Team (CSIRT)
You can set up your own Computer Security Incident Response Team (CSIRT) for your institution. Such a team handles security incidents in networks. SURFcert supports setting up a CSIRT in your institution.
Responsibility for the institutional network
Local teams can be set up in a variety of ways, which can lead to a number of possible structures. The agreement between all CSIRTs within the SURFnet target group is that each CSIRT takes responsibility for its own institutional network, including any connected ancillary (e.g. departmental) networks.
Standardised method: RFC 2350
When setting up a CSIRT, it is important that the organisation, structure and methods used are standardised to a certain extent. This not only helps streamline a CSIRT's operational internal activities, but will also benefit collaboration with other CSIRTs.
Internet usage (and other) standards provide a useful blueprint that can help a CSIRT to implement the above aspects in a structured manner: the RFC 2350. Download the blueprint for use as a basis to be further adapted by the organisation itself.
Registering with SURFcert
Once your CSIRT has been set up and fulfils certain administrative requirements, the team will be registered by SURFcert (contact firstname.lastname@example.org or 088 - 787 30 00. From that point on, your CSIRT will also be included in the index of SURFcert registered teams.
- National Cyber Security Centre (NCSC) - domain: all government bodies. A warning service is available for private citizens and smaller-scale SMEs.
- KCSIRT - domain: all schools in the Netherlands, excluding higher education.
- KPN-CERT - domain: all KPN customers
Information on all European teams can be found at Trusted Introducer for CSIRTs in Europe by GÉANT
SCIRT: the SURFnet Community of Incident Response Teams
The SURFnet Community of Incident Response Teams (SCIRT) is a group comprising the members of the Computer Security Incident Response Teams (CSIRTs) at the institutions connected to SURFnet. SCIRT is the main forum where operational security experts discuss current security challenges and exchange the latest tips and information.