by Peter Allor, Honeywell
Monday, January 21st, 2019
Welcome, visitor! If you are reading this then you've likely been ‘voluntold’ that you are creating a PSIRT and your first two questions are: What is a PSIRT and where do I start? Good news - you have landed in the right place to get your fill on how to make a world-class Product Security Incident Response Team. In order to move forward you need to know the essential parts of a PSIRT, however essential parts will differ between organizations - it really is an ‘it depends’ kind of response. Luckily there's a document called the “PSIRT Services Framework" that will answer all of your questions.
The authors of the Framework aimed to point out all the various services that PSIRTs could build and how to organize these services in a somewhat logical process that almost reads like policy. To help you understand what to expect and focus on as you get started or mature your existing PSIRT, we want to introduce our “PSIRT Operational and Maturity” levels which are a natural progression of the three most common maturity levels.
Written by Peter Allor, Honeywell
FIRST runs a blog open to members and invited guest authors. It publishes contributions relevant to incident responders. Articles should focus on general topics interesting to members. It will not be used to promote individual organisations, products or services. If you are interested in contributing, please get in touch with first-blog@first.org.
Learn more about the Forum of Incident Response and Security Teams through regular blog posts about our organization, events and other programs. Questions or comments? Contact first-press@first.org.