FIRST Security Reference Index

The below list features common reference points for security best practices. This is not meant to be a definitive list but rather a way to present best practice web sites that have been helpful to the FIRST community.

Note: The Security Reference Index is based on references submitted by FIRST members.

FIRST members are strongly encouraged to click here if they know of possible additions to this page.

Best Practices and Documentation

Caida Presentations

• http://www.caida.org/outreach/presentations/

CERT Coordination Center

• https://www.cert.org
• https://www.cert.org/octave/
• https://www.cert.org/incident-management

Center for Internet Security Benchmarking tools

• https://www.cisecurity.org/

ThaiCERT Threat Group Cards

• https://apt.thaicert.or.th/cgi-bin/aptgroups.cgi
• https://www.thaicert.or.th/downloads/files/Threat_Group_Cards_v2.0.pdf

ENISA CSIRT Services

• https://www.enisa.europa.eu/topics/csirt-cert-services

ENISA CSIRT Setting Up Guide

• https://www.enisa.europa.eu/publications/csirt-setting-up-guide

GDPR

• https://github.com/CIRCL/compliance
• https://github.com/CIRCL/compliance/tree/master/gdpr/workshop-materials
• https://first.org/blog/20171211_GDPR_for_CSIRTs
• https://community.jisc.ac.uk/blogs/regulatory-developments?f%5B0%5D=im_field_tags%3A

JANET

• https://community.jisc.ac.uk/library/janet-services-documentation/suggested-charter-system-administrators

OWASP Guide to Building Secure Web Applications

• https://www.owasp.org/index.php/OWASP_Guide_Project

Microsoft Security Guidance Center

• https://technet.microsoft.com/en-us/library/cc184906.aspx

NIST Guide on Computer Security Incident Handling

• http://csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf

ENISA/CERT Polska - Proactive detection of incidents

• https://www.enisa.europa.eu/activities/cert/support/proactive-detection

ENISA Solutions for Improving Threat Data Exchange among CERTs

• https://www.enisa.europa.eu/activities/cert/support/data-sharing

SANS Reading Room

• https://www.sans.org/reading-room/

ETSI Information Security: Key Performance Indicators

• http://www.etsi.org/deliver/etsi_gs/isi/001_099/003/01.01.02_60/gs_isi003v010102p.pdf

The NCS Guide 2021

• https://ncsguide.org/the-guide/

Géant Best Practices for DDoS Mitigation Strategies

• https://www.geant.org/Projects/GEANT_Project_GN4-3/GN43_deliverables/D8-7_Best-Practices-for-DDoS-Mitigation-Strategies.pdf

Standards

RFC 2350 - Expectations for Computer Security Incident Response

• http://www.faqs.org/rfcs/rfc2350.html

RFC 2196 - Site Security Handbook

• http://www.faqs.org/rfcs/rfc2196.html

RFC 2827 - Network Ingress Filtering

• http://www.faqs.org/rfcs/rfc2827.html

RFC 2504 - Users' Security Handbook

• http://www.faqs.org/rfcs/rfc2504.html

Common community tools

Malware Information Sharing Platform (MISP)

• http://www.misp-project.org/

Collaborative Research Into Threats (CRITS)

• http://crits.github.io/

Collective Intelligence Framework (CIF)

• http://csirtgadgets.org/collective-intelligence-framework

Google Rapid Response (GRR)

• https://github.com/google/grr

Autopsy and the Sleuth Kit

• https://www.sleuthkit.org/

Cuckoo Sandbox

• https://cuckoosandbox.org/

Honeyspider

• https://www.honeyspider.net/

Volatility

• https://github.com/volatilityfoundation/volatility

OSSEC

• https://ossec.github.io/

osquery

• https://osquery.io/

Related initiatives

Trusted Introducer

• https://www.trusted-introducer.org/processes/certification.html

TF-CSIRT

• https://www.terena.org/activities/tf-csirt/

APCERT

• https://www.apcert.org

AfricaCERT

• http://www.africacert.org

Organization of the Islamic Cooperation - CERTs

• https://www.oic-cert.org

Global Forum on Cyber Expertise – CSIRT Maturity Initiative

• https://www.thegfce.com/initiatives/csirt-maturity-initiative

OASIS Cyber Threat Intelligence

• https://www.oasis-open.org/committees/cti/

OECD Guidance for Improving the Comparability of Statistics Produced by Computer Security Incident Response Teams (CSIRT)

• https://www.oecd.org/officialdocuments/publicdisplaydocumentpdf/?cote=DSTI/ICCP/REG(2013)9/FINAL&doclanguage=en

IGF Best Practices Forum on Establishing Incident Response Teams for Internet Security

• http://www.intgovforum.org/cms/home-36966/170-igf-2014/best-practice-forums-2014/1893-establishing-and-supporting-computer-emergency-response-teams-certs-for-internet-security
• Mhttp://www.intgovforum.org/cms/documents/best-practice-forums/establishing-and-supporting-computer-emergency-response-teams-certs-for-internet-security/627-bpf-csirt-2015-report-final-v2

Acknowledgement

This is a collaborative effort from the FIRST community - moderated by Gavin Reid. Thanks for all the great suggestion and feedback.