FIRST CSIRT Framework
Service Area 3 - Information Assurance
3.1 Service - Risk Assessment
3.1.1 Function – Inventory of Critical Asset/Data
3.1.2 Function - Standards Evaluation
3.1.3 Function - Execute Assessment
3.1.4 Function - Findings & Recommendations
3.1.5 Function - Tracking
3.1.6 Function - Testing
3.1.7 Function - Risk Assessment Advice
3.2 Service – Operating Policies Support
3.3 Service – Business Continuity and Disaster Recovery Planning Support
3.4 Service – Technical Security Support
3.5 Service – Patch management
Service Area 6 - Capability Building
6.1 Service - Organizational Metrics
6.1.1 Function - Knowledge, Skill, and Ability Requirements Gathering
6.2 Service - Training and Education
6.2.1 Function - Development of Educational and Training Materials
6.2.2 Function - Delivery of Content
6.2.3 Function – Mentoring
6.2.4 Function - Professional Development
6.2.5 Function - Skill Development
6.3 Service - Conducting Exercises
6.3.1 Function - Requirements Analysis
6.3.2 Function - Format and Environment Development
6.3.3 Function - Scenario Development
6.3.4 Function – Executing Exercises
6.3.5 Function - Exercise Outcome Review
6.4 Service - Technical Advice
6.4.1 Function - Infrastructure Design and Engineering
6.4.2 Function - Infrastructure Procurement
6.4.3 Function – Tools Evaluation
6.4.4 Function - Infrastructure Resourcing
6.5 Service - Lesson learned
Internal Activity 2 - Relationship Management
2.1 POC and Communications Management
2.2 Peer Relationship Management
2.3 Stakeholder Relationship Management
2.4 Conferences / Workshops
2.5 Stakeholder Engagement/Relations
Internal Activity 1 - Data and Knowledge Management
1.1 Standards/Specifications Management
1.2 Data Storage Management
1.3 Data Processing Management
1.4 Data Access Management
1.5 Automation Support
Service Area 1 - Incident Management
1.1 Service - Incident Handling
1.1.1 Function - Incident Validation and Classification
1.1.3 Function - Information Collection
1.1.2 Function - Incident Tracking
1.1.4 Function - Coordination and reporting
1.1.5 Function - Communication with news media
1.2 Service - Incident Analysis
1.2.1 Function - Impact Analysis
1.2.2 Function - Mitigation Analysis
1.2.3 Function - Recovery Analysis
1.3 Service - Incident Mitigation and recovery
1.3.1 Function – Containment
1.3.2 Function - Restore confidentiality, integrity, availability
Service Area 2 - Analysis
2.1 Service - Artifact Analysis
2.1.1 Function - Surface Analysis
2.1.2 Function - Reverse Engineering
2.1.3 Function - Run Time or Dynamic Analysis
2.1.4 Function - Comparative Analysis
2.2 Service - Media Analysis
2.3 Service - Vulnerability / Exploitation Analysis
2.3.1 Function - Exploitation Vulnerability / Path Analysis
2.3.2 Function - Root Cause Analysis
2.3.3 Function - Remediation Analysis
2.3.4 Function - Mitigation Analysis
Service Area 4 - Situational Awareness
4.1 Service – Metric Operations
4.1.1 Function – Requirements Analysis
4.1.2 Function – Data Source Identification
4.1.3 Function – Data Acquisition
4.1.4 Function - Results Management
4.2 Service - Fusion and Correlation
4.2.1 Function - Determine Fusion Algorithms
4.2.2 Function - Fusion Analysis
4.3 Service - Development and Curation of Security Intelligence
4.3.1 Function - Source Identification and Inventory
4.3.2 Function - Source Content Collection and Cataloguing
4.3.3 Function – Information sharing
Service Area 7 - Research/Development
7.1 Service - Development of Vulnerability Discovery/Analysis/Remediation/Root Cause Analysis Methodologies
7.2 Service - Development of Technologies and Processes for Gathering/Fusing/Correlating Security Intelligence
7.3 Service - Development of Tools
Service Area 5 - Outreach/Communications
5.1 Service - Security Awareness Raising
5.2 Service - Cybersecurity Policy Advisement
5.2.1 Function - Policy Consultancy
5.2.2 Function - Legal Consultancy
5.2.3 Service – Information Sharing and Publications
5.2.4 Function - Public Service Announcements
5.2.5 Function - Publication of Information
Internal Activity 3 - Branding/Marketing
Internal Activity 4 - Participating in Exercises
Internal Activity 5 - Lessons Learned Review