Facts and Opinions

At irregular intervals, we provide important insights or open documents related to our projects and our core expertise. Such contributions include presentations, publications, or information about conferences/workshops we organized or attended.

Facts and Opinions

2019 | 08 > openCSIRT Foundation

SIM3 CSIRT Maturity Auditor Training

On 18-20 September 2019 (following the TF-CSIRT), the Open CSIRT Foundation (OCF) will organise a 3-day training to become a Certified SIM3 Auditor. The OCF shepherds the further development of the SIM3 maturity model, that is used by TF-CSIRT/TI, by ENISA for national teams in the EU, by the NCA (Nippon CSIRT Association) in Japan, and is now also being taken up by the Global Forum on Cyber Expertise (GFCE) for their GCMF – Global CSIRT Maturity Framework.

external_link Read more about this

2019 | 07 > CSIRT Services Framework

CSIRT Services Framework as Version 2.0

FIRST has finally released the CSIRT Services Framework Version 2.0. This version is heavily based on the lessons learned from the work on the PSIRT Services Framework and feedback received from practitioners. The volunteers contributing to took time to restructuring the previous versions to address recognized weaknesses. Feedback is still welcome that will then become incorporated in the planned Version 2.1 later in 2019.

external_link Read more about this

2019 | 07 > openCSIRT Foundation

SIM3 CSIRT Maturity Self-Assessment Tool

For the documentation of the SIM3 Self-Assessments most teams use spreadsheets or design your own graphics today. With the new openCSIRT Foundation (OCF) tool, a clear graphical representation comes with the tool. In addition it provide better explanations and online answers, which makes a new self-assessment rather easy. In addition, the established CSIRT Maturity (TI, ENISA, GFCE) can be selected to compare against. Input can be easily saved or bookmarked.

external_link Read more about this

2019 | 06 > Reflections on CSIRTs

CSIRTs deserve Protection!

The consensus report of the United Nations Group of Governmental Experts (UN GGE) on Developments in the Field of Information and Telecommunications in the Context of International Security, adopted in July 2015, stated - not surprisingly - that international law applies in cyberspace. More surprisingly is norm clause 4, which stresses an important point: 'states should not conduct or knowingly support activity to harm the information systems of another state’s emergency response teams (CERT/CSIRTS) and should not use their own teams for malicious international activity.'

external_link Read more about this