Services | CSIRT Setup Service

Minimizing and containing damage (preventing its spread), and developing the organizational capability to recover quickly

Overview of CSIRT Setup Service

Looking at recent trends in information security incidents, we find that many organizations take only supportive measures in response to an incident, while spending effort in unnecessary areas. It is important to prepare appropriate preventive measures, as well as to minimize and contain damage (prevent its spread) and to develop the organization's capability to recover quickly. Larger corporations, and businesses for which Internet security is vital to their activity, are now starting to prepare post-incident measures.

The Morris worm, or Internet worm, of 1988 was one of the first computer worms distributed via the Internet. Since then, enjoying the advantages of the Internet and adding an extra layer of security to it have been two sides of the same coin. In November 1988, CERT/CC was established as a liaison and coordination center for those concerned. As the world's very first CSIRT, its role continues to expand, with security incident response and vulnerability analysis of related products as its main forte.

  • A CSIRT is a service organization (team) that receives reports of computer security incidents, takes charge of reviewing them, and offers appropriate responses and services.
  • Services offered by a CSIRT are provided by permanently established teams handling pre-defined targets, and by ad-hoc teams.
Typical CSIRT activities
  • Setting up a unified point of contact where incidents can be reported when they occur
  • Understanding and analyzing what is actually happening (including the level of damage and threat)
  • Researching tactics for resolving issues and containing damage
  • Sharing information on response alternatives, knowledge, and lessons learned
What a CSIRT aims to achieve (goals)
  • Containing and controlling damage
  • Providing helpful responses and recovery support
  • Providing support against recurrence

Definition of a computer security incident

The way we look at incident response
Defining a computer security incident
  • Each organization has its own definition
  • Site dependency
Definition examples of computer security incidents
  • Inconvenient events related to computer/network systems
  • Activities that violate explicit or implicit security policies


Range of CSIRT services


Purpose and expected effects of setting up a CSIRT within the organization

Consolidation and effective use of related information

Information sharing, optimization, and know-how build-up → an organization with stronger immunity against incidents

Organizational security level improvement and optimization

Establishing voluntary security-level standards using feedback from preventive measures

Messaging to audiences outside as well as inside the company

Building trust as a provider of "safe and secure" services to clients, business partners, and affiliated organizations

Collaboration with other organizations

Knowledge and information obtained through inter-CSIRT collaboration can help you solve difficult issues

Deploying to businesses

Services that draw on CSIRT functions and experience can be used for new business


CSIRT building process
