CSIRT stands for Cyber Security Incident Response Team. It is a team of skilled individuals who are responsible for handling a security incident. According to author Robin Ruefle, writing for the federal government organization CISA (Cybersecurity and Infrastructure Security Agency), “the main goal of a CSIRT team is to minimize and control the damage resulting from incidents, provide effective guidance for response and recovery activities, and work to prevent future incidents from happening.” (Ruefle, 2007)
According to the Software Engineering Institute of Carnegie Mellon University, a CSIRT should be a combination of skilled members whose basic skillset is based on handling incident responses. However, a specialist with higher skills is a positive, as they can be called upon by teams facing technical issues due to security compromises. The basic skills for CSIRT staff are broadly categorized into personal skills and technical skills. Personal skills include communication, diplomacy, presentation, team skills, time management and so on. Technical skills include programming skills and knowledge of malicious code, system security issues, network protocols, and the vulnerabilities and weaknesses of the system. (Carnegie Mellon University, 2016)
2. MITRE is a non-profit organization that works across the government to bring innovation in various fields such as artificial intelligence, data science, quantum information science, space security and so on. They work not only with local, state and federal governments but also with private industries and academia. Their main goal is to “work across government to tackle challenges to the safety, stability, and well-being of our nation.” () They are funded by R&D centers, which are in turn funded by the federal government. Their current focal point is the Elections and Transition to the new government. With the new presidential administration of Democrats in the House and Senate, they are looking to continue and build on their tradition of innovation in different fields.
3. Bugtraq was a full-disclosure mailing list aimed at resolving issues that arise in an organizational setting by receiving help from individuals. It was started in 1993 by Scott Chasin, and it published unresolved vulnerabilities so that individuals from various parts of the world could resolve them. Under the vulnerabilities tab, different current issues were published. Sub-sections such as info, discussion, exploit, solution and references helped constructive members to resolve issues. In the years following its inception, it received criticism regarding unmoderated discussion. This was later resolved by providing moderators who moderated the discussions.
4. CERT stands for Computer Emergency Response Team. It is a division of the Software Engineering Institute at Carnegie Mellon University focusing on improving the security of computer systems and networks. Their work predominantly centers on researching security vulnerabilities and innovative software products to provide safe and secure computer networks. Similar to Bugtraq, CERT utilized Twitter and other social media platforms, instead of a mailing list, to post vulnerabilities so that individuals across the world can resolve them.
2021-2-7-1612729364