Exercise
We have taken the following steps so far:
- Understanding what a CSIRT is and what benefits it might provide.
- Determining the sector to which the new team will deliver its services.
- What kinds of services a CSIRT can provide to its constituency.
- Analysis of the environment and constituents.
- Defining the mission statement.
- Developing the Business Plan.
  - a. Defining the financial model.
  - b. Defining the organisational structure.
  - c. Starting to hire staff.
  - d. Utilising and equipping the office.
  - e. Developing an information security policy.
  - f. Looking for cooperation partners.
- Promoting the Business Plan.
  - a. Have the business case approved.
  - b. Fit everything into a project plan.
- Making the CSIRT operational.
  - a. Creating workflows.
  - b. Implementing CSIRT tooling.
- Training your staff.
>> The next step is to exercise and be ready for the real work!
For illustration, this section describes a sample exercise for an everyday CSIRT task: creating a security advisory.
The trigger was the following original security advisory sent out by Microsoft:
| Bulletin Identifier | Microsoft Security Bulletin MS06-042 |
|---|---|
| Bulletin Title | Cumulative Security Update for Internet Explorer (918899) |
| Executive Summary | This update resolves several vulnerabilities in Internet Explorer that could allow remote code execution. |
| Maximum Severity Rating | Critical |
| Impact of Vulnerability | Remote Code Execution |
| Affected Software | Windows, Internet Explorer. For more information, see the Affected Software and Download Locations section. |
This vendor bulletin addresses a recently found vulnerability in Internet Explorer. The vendor publishes multiple fixes for this software for multiple versions of Microsoft Windows.
Fictitious CSIRT, after receiving this vulnerability information via a mailing list, begins with the workflow described in the section "Generating Alerts, Warnings and Announcements".







