1 Introduction

The Working Group was formed to provide guidelines and recommendations to facilitate the consistent handling of security incidents in the Internet community.

Security incidents and potential threats of them usually extend beyond institutional or local community boundaries. "Consistent handling" implies that any group calling itself an Incident Response Team (IRT) must react to security incidents or to threats of them in ways which the general Internet community agrees to be in its general interest.

The "Framework for Security Incident Response" is seen as resting on the work of individual IRTs and the cooperation between them.

This document therefore recommends a "template" through which every IRT should describe itself and its functions. It further recommends that templates should be accessible among teams, to make possible a fully effective cooperative response framework for incidents or threats across the entire domain affected by them.

1.1 Template Repository

If templates are to be accessible between IRTs, a central repository will be needed for them. The GRIP Working Group believe that some of the existing Internet archive areas could be used for this purpose.

Each team should be responsible for ensuring that its own template is available to at least its constituency and its co-operating partner teams. Digital signatures should be used to protect the completed templates against modifications. The keeper of each template repository will be responsible for verifying the identity of each IRT lodging a template in the repository.

The Template is summarized in the section immediately below, and the remainder of the document describes its components.