ENISA has published a new practical guide for CSIRTs so that they are better prepared to protect their constituencies and improve team's maturity.
CSIRTs will find in ENISA's new report a comprehensive overview about assessment parameters which was also translated into an online survey tool for a direct maturity self-assessment.
The CSIRT maturity improvement process includes a survey with questions and answers for all the parameters of the commonly used SIM3 (Security Incident Management Maturity Model) model, which makes it considerably easier for any CSIRT team to self-assess their maturity in the terms of SIM3. The survey is complete with a mapping to the proposed CSIRT maturity scale (with the steps basic, intermediate and certifiable), so that a team member who use the survey can self-assess their maturity on that scale.
As an additional element of the evaluation process ENISA suggests a peer review methodology. A methodology for how to do peer reviews between trusted teams, complementary to the self-assessment approach and intended as a form of intra-community mutual support aimed at further enhancing all teams' maturity. The proposed peer review approach is a flexible one, that is expected to suit the needs of all teams involved.
For the full report: Study on CSIRT Maturity – Evaluation Process
Background:
The EU Network and Information Security Directive (NISD) creates a CSIRTs network "to contribute to developing confidence and trust between the Member States and to promote swift and effective operational cooperation". The Directive states that each Member State shall designate one or more CSIRTs which shall comply with the requirements set out in point (1) of Annex I (requirements), covering at least the sectors referred to in Annex II and the services referred to in Annex III, responsible for risk and incident handling in accordance with a well-defined process.
The Directive gives high-level requirements that designated CSIRTs must observe, and tasks that they must perform.
ENISA has carried out a considerable amount of work in the CSIRT area, and this work contributes by sharping the role of ENISA in helping CSIRTs on their way to a higher maturity level. With this new practical guide CSIRTs will be better prepared to protect
their constituencies and improve team's maturity.