"Why wasn't i notified?": Information security incident reporting demystified

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 7127 LNCS, Issue , 2012, Pages 55-70

  Koivunen, Erka ^a  

^a Finnish Communications Regulatory Authority   (Finland)

Author keywords

abuse; CERT; computer break in; CSIRT; event monitoring; IDS; incident reporting; Information security; intrusion detection; IODEF; ISO IEC; network attack; network security; RFC; security breach; takedown notice

Indexed keywords

ABUSE; CERT; CSIRT; EVENT MONITORING; IDS; INCIDENT REPORTING; IODEF; ISO/IEC; NETWORK ATTACK; RFC; SECURITY BREACHES; TAKEDOWN NOTICE;

COMPUTER CRIME; INFORMATION TECHNOLOGY; INTRUSION DETECTION; PROCESS CONTROL; SECURITY OF DATA;

NETWORK SECURITY;

EID: 84861591476     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-27937-9_5     Document Type: Conference Paper

References (40)

1. AbuseHelper project pages, http://code.google.com/p/abusehelper/
2. American Registry for Internet Numbers ARIN: Introduction to ARIN's database, https://www.arin.net/knowledge/database.html#abusepoc
3. Arvidsson, J., Cormack, A., Demchenko, Y., Meijer, J.: TERENA's Incident Object Description and Exchange Format Requirements (RFC 3067). Internet Engineering Task Force (2001)
4. Asia Pacific Computer Emergency Response Team, Member Teams, http://www.apcert.org/about/structure/members.html
5. Brownlee, N., Guttman, E.: Expectations for Computer Security Incident Response (RFC 2350, BCP 21). Internet Engineering Task Force (1998)
6. Brunner, E., Suter, M.: International CIIP Handbook 2008/2009, An Inventory of 25 National and 7 International Critical Information Infrastructure Protection Policies. Center for Security Studies, ETH Zurich, Switzerland (2008)
7. Bryk, H.: National and Government CSIRTs in Europe, Study Conducted by CERT-FI. Finnish Communications Regulatory Authority, Helsinki, Finland (2009)
8. Bryk, H.: A study among certain European computer security incident response teams and application of good practices in Finnish Communication Regulatory Authority. Helsinki University of Technology, Espoo, Finland (2008)
9. Centre for the Protection of National Infrastructure, International CIIP Directory, Issue 21 (2009) (unpublished)
10. CERT Coordination Center, CSIRTs with National Responsibility, http://www.cert.org/csirts/national/
11. Commission to the European Communities: Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on Critical Information Infrastructure Protection - Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience, COM (2009) 149 final. Brussels (2009)
12. Common Criteria for Information Technology Security Evaluation: Part 2: Security functional components. Version 3.1, Revision 3, Final (2009)
13. Cormack, A., Stikvoort, D., Woeber, W., Robachevsky, A.: IRT Object in the RIPE Database, ripe-254 (2002)
14. Cover, R. (ed.): Incident Object Description and Exchange Format (IODEF), http://xml.coverpages.org/iodef.html
15. Crocker, S.: Mailbox Names for Common Services, Roles and Functions (RFC 2142). Internet Engineering Task Force (1997)
16. Danyliw, R., Meijer, J., Demchenko, Y.: The Incident Object Description Exchange Format (RFC 5070), Internet Engineering Task Force (2007)
17. DoD 5200.28-STD: Department of Defense Trusted Computer Security Evaluation Criteria. National Computer Security Center (1985)
18. Dörges, T.: Information Security Exchange Formats and Standards. Slides for the presentation held during FIRST 2009 Conference in Kyoto (2009)
19. Eronen, J., Röning, J.: Graphingwiki - a Semantic Wiki extension for visualising and inferring protocol dependency. Paper presented in the First Workshop on Semantic Wikis "SemWiki 2006 - From Wiki to Semantics," co-Located with the 3rd Annual European Semantic Web Conference (ESWC), Budva, Montenegro, June11-14 (2006)
20. European Government CERTs Group, EGC Emergency Contact Information (unpublished)
21. European Network and Information Security Agency: Inventory of CERT activities in Europe, http://www.enisa.europa.eu/act/cert/background/inv/files/ inventory-of-cert-activities-in-europe
22. Finnish Communications Regulatory Authority: On information security and functionality of Internet access services, Regulation 13 A/2008 M. Finnish Communication Regulatory authority, Helsinki, Finland (2008)
23. Finnish Parliament: Act on the Protection of Privacy in Electronic Communications 516/2004, Edita Publishing Oy, Helsinki, Finland (2004)
24. Forum of Incident Response and Security Teams, Alphabetical list of FIRST Members, http://www.first.org/members/teams/
25. Fraser, B.: Site Security Handbook (RFC 2196). Internet Engineering Task Force (1997)
26. Grenman, T.: Autoreporter - Keeping the Finnish Network Space Secure. Finnish Communications Regulatory Authority, CERT-FI, Helsinki, Finland (2009)
27. Harju Maakohus (Harju District Court): Court decision in criminal case 1-09-3476(07221000080), judge Julia Vernikova, Tallinn (2010); (only available in Estonian)
28. ISO/IEC 27001:2005(E): Information technology. Security techniques. Information security management systems. Requirements. International standard, First edition (2005)
29. ISO/IEC 27002:2005(E): Information technology - Security techniques - Code of practice for information security management. International standard, First edition (2005)
30. Killalea, T.: Recommended Internet Service Provider Security Services and Procedures (RFC 3013, BCP 46). Internet Engineering Task Force (2000)
31. Knecht, T.: Abuse contact information (prop-079-v003), http://www.apnic.net/policy/proposals/prop-079
32. Latin American and Caribbean Internet Addresses Registry LACNIC: Allocation of Autonomous System Numbers (ASN), LACNIC Policy Manual (v1.3 - 07/11/2009), http://lacnic.net/en/politicas/manual4.html
33. MITRE Corporation, Common Event Expression, http://cee.mitre.org/
34. Pethia, R., Crocker, S., Fraser, B.: Guidelines for the Secure Operation of the Internet (RFC 1281). Internet Engineering Task Force (1991)
35. Porvoo magistrate's court: Decision 09/863 in criminal case R 09/446 (2009) (only available in Finnish)
36. Ruefle, R., Rajnovic, D.: FIRST Site Visit Requirements and Assessment, version 1.0. Forum of Incident Response and Security Teams (2006)
37. S-Cure: Trusted Introducer for CSIRTs in Europe, Appendix B: Information Template for "accredited" CSIRTs, version 4.0. Trusted Introducer (2009)
38. Scarfone, K., Grance, T., Masone, K.: Computer Security Incident Handling Guide - Recommendations of the National Institute of Standards and Technology, NIST Special Publication 800-61, Revision 1. National Institute of Standards and Technology (2008)
39. Shafranovich, Y., Levine, J., Kucherawy, M.: An Extensible Format for Email Feedback Reports, Internet-Draft version 4. MARF Working Group (2010)
40. Trusted Introducer, Team Info, Listed Teams by Name, https://www.trusted- introducer.org/teams/alpha-LICSA.html