What is a PSIRT and where do I start?

by Peter Allor, Honeywell
Monday, January 21st, 2019

Welcome, visitor! If you are reading this then you've likely been ‘voluntold’ that you are creating a PSIRT and your first two questions are: What is a PSIRT and where do I start? Good news - you have landed in the right place to get your fill on how to make a world-class Product Security Incident Response Team. In order to move forward you need to know the essential parts of a PSIRT, however essential parts will differ between organizations - it really is an ‘it depends’ kind of response. Luckily there's a document called the “PSIRT Services Framework" that will answer all of your questions.

The authors of the Framework aimed to point out all the various services that PSIRTs could build and how to organize these services in a somewhat logical process that almost reads like policy. To help you understand what to expect and focus on as you get started or mature your existing PSIRT, we want to introduce our “PSIRT Operational and Maturity” levels which are a natural progression of the three most common maturity levels.

Written by Peter Allor, Honeywell