Flashcards in Appendix A: CSIRT Deck (13)
Coordinate handling of incidents across various CSIRTs (e.g., US-CERT).
Synthesize data. Look for trends in incident activity.
Vendor team that handles vulnerabilities in their products. Also remediation and mitigation.
Incident response providers
Who they support
CSIRT relationship to others
CSIRT place in org.
Roots (mostly in the SOC)
Triggered by an event, request,
Prepare, protect systems
Help desk level activities.
Reviews incident report. Analysis. Responses. Notification.
Supports giving feedback on issues not related to specific incident.
Interface with media.