CSIRT

CSIRT stands for Computer Security Incident Response Team.

CSIRT is assigned with the responsibility of assisting members of the local internet community in implementing proactive measures to reduce the risks of computer security incidents and to assist the community in responding to such incidents when they occur.

The CSIRT-KENYA is sponsored by the Kenya Network Information Center (KENIC) and Telecommunications Service Providers of Kenya.

OBJECTIVES

INCIDENCE HANDLING

Incident handling includes three functions: incident reporting, incident analysis, and incident response.

The incident reporting function enables CSIRT-KENYA to serves as a central point of contact for reporting local problems. This allows local computer and especially internet users and system administrators to report all security incident issues and activities to CSIRT-KENYA.

Incident analysis involves taking an in-depth look at an incident report or incident activity to determine the scope, priority, and threat of the incident, along with researching possible response and mitigation strategies.

Incident response functions can take many forms. CSIRT-KENYA may send out recommendations for recovery, containment, and prevention to users or systems and network administrators at sites who then perform the response steps themselves. The response may also involve sharing information and lessons learned with other response teams and other appropriate organizations and sites.

CSIRT-KENYA also responds by sending weekly security bulletins to its members informing them of any vulnerability that may have been detected in various software and applications.

CSIRT-KENYA also sends out alerts to its members where a highly critical vulnerability has been detected.

These incident handling functions are the reactive services that CSIRT-KENYA provides.

For more information on CSIRT-KENYA, vist www.csirt.or.ke