The European Network and Information Security Agency (ENISA), Europe’s Cyber security agency, issued a new guide on good practice, practical information and guidelines for the management of network and information security incidents by Computer Emergency Response Teams (CERTs).
Released as a follow-up to ENISA’s CERT setup-up guide, The Good Practice Guide for Incident Management facilitates ENISA’s effort to reinforce the capabilities of national and governmental CERTs.
The guide focuses on the incident handling process, the core service carried out by most CERTs, involving the detection and registration of incidents, followed by classifying, prioritizing and assigning incidents, incident resolution, closing and post-analysis.
The guide is targeted to the technical staff and management of governmental and other institutions operating a CERT, though any group or team that handles information or network security incidents can benefit from the guide.
Related Reading – The Increasing Importance of Securing The Smart Grid
ENISA has advocated that all Member States set up a CERT and proposed there should be an establishment of a CERT in all member states across Europe by 2012, and one for the EU-institutions.
Topics covered by The Good Practice Guide for Incident Management include:
– Basics of a CERT, its mission, constituency and authority
– Organizational framework and roles within a CERT
– Workflows and internal policies
– Cooperation with external parties and outsourcing
– How to present the work to the management.
In December 2010, the agency released a report identifying what it sees as the top security risks and opportunities of smartphone use and gives security advice for businesses, consumers and governments.
The Guide is available here.