Proposal of Content and Security Controls for a CSIRT Website

  • Conference paper

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 444)

Abstract

A CSIRT is a group of information security experts that provides services such as alerts and warnings, incident handling, observatory technology, security audits and forensic computing, among others. It therefore communicates constantly with its target audience by email, by telephone or through a website. Because the website serves as the main point of contact with the target audience, special care must be taken, when creating a website for the CSIRT, with the technologies used and the security controls applied, in order to avoid computer attacks that may jeopardize the reputation of the CSIRT. This paper describes a proposal for the content and security controls that must be considered for a CSIRT website.



Author information


Correspondence to Jezreel Mejía.


Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Mejía, J., Muñoz, M., Ramírez, H., Peña, A. (2016). Proposal of Content and Security Controls for a CSIRT Website. In: Rocha, Á., Correia, A., Adeli, H., Reis, L., Mendonça Teixeira, M. (eds) New Advances in Information Systems and Technologies. Advances in Intelligent Systems and Computing, vol 444. Springer, Cham. https://doi.org/10.1007/978-3-319-31232-3_40


  • DOI: https://doi.org/10.1007/978-3-319-31232-3_40

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-31231-6

  • Online ISBN: 978-3-319-31232-3

  • eBook Packages: Engineering, Engineering (R0)
