ICANN Email Archives: [dssa]

ICANN ICANN Email List Archives

[dssa]

<<< Chronological Index >>> <<< Thread Index >>>

RE: [dssa] CSIRT Stuff / framework

To: Jörg Schweiger <schweiger@xxxxxxxx>
Subject: RE: [dssa] CSIRT Stuff / framework
From: Jacques Latour <jacques.latour@xxxxxxx>
Date: Thu, 30 Aug 2012 12:17:48 -0400

Hi Jörg,

In blue, the National Coordination Center (CSIRT) is the organization that does 
incident management for the country, and in red, is the tool, the CSIRT 
registry itself, that the National Coordination Center would use to perform day 
to day incident management functions.

I can see it in my head, a global framework, and tried many time to put on 
paper but having a hard time.

For Canada, the idea is that CIRA (.CA ccTLD) which is an expert in running 
registries :-), would operate the CSIRT registry for Canada, and the National 
Coordination Center would use the CSIRT registry as an application/service.  

Ideally, all ccTLD would operate their own National CSIRT registry...

In Canada we have multiple National Coordination Center, one for governments, 
one for Critical sector, one for Banks, and a few other for the Canada and each 
one of them have database of contacts (some partial, some complete), they are 
good at running security incident response and management, but not good at 
keeping their databases up to date.  

Jack

-----Original Message-----
From: Jörg Schweiger [mailto:schweiger@xxxxxxxx] 
Sent: August-30-12 11:23 AM
To: Jacques Latour
Cc: DSSA WG; owner-dssa@xxxxxxxxx
Subject: Re: [dssa] CSIRT Stuff / framework

Hi Jacques,

thanks for providing such ideas. For the data that should/could be held by the 
CSIRT registry you might want to take a look at the work that has been done by 
the ccNSO incident response WG. Actually this was an approach to provide actual 
data for contacts and incident handling as well. I hope /presume that it is 
been taken care of and on it's way to be implemented. 
Bart Boswinkel should know. Bart?

One question (refering to page 14): What could/should a National CSIRT registry 
do that couldn't be done by a National Coordination Center? Or vice versa. 
Would we need both?

regards

Jörg 

________________________________
Dr. Jörg Schweiger
Mitglied des Vorstandes


DENIC eG
Kaiserstraße 75-77
60329 Frankfurt

E-Mail: schweiger@xxxxxxxx
Tel: + 49 69 27 235 - 455
Fax: + 49 69 27 235 - 457

PGP-Key-ID: 0x6ACD 7361
Fingerprint: 0F4A 0169 8972 D87D 26BE  4BE8 B1D2 8B71 6ACD 7361

Sitz: Frankfurt am Main
Eingetragen unter Nr. 770 im Genossenschaftsregister beim Amtsgericht Frankfurt 
am Main
Vorstand: Sabine Dolderer, Helga Krüger, Carsten Schiefner, Dr. Jörg Schweiger 
Vorsitzender des Aufsichtsrates: Elmar Knipp

References:
- [dssa] CSIRT Stuff / framework
  - From: Jacques Latour
- Re: [dssa] CSIRT Stuff / framework
  - From: Jörg Schweiger

<<< Chronological Index >>> <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy