Abstract
A CSIRT is a group of information security experts that provides services such as alerts and warnings, incident handling, observatory technology, security audits, and forensic computing, among others. It is therefore in constant communication with its target audience via email, telephone, or a website. Because the website works as the main point of contact with the target audience, special care must be taken, when creating a website for the CSIRT, with the technologies used and the security controls applied, in order to avoid computer attacks that may jeopardize the reputation of the CSIRT. This paper describes a proposal for the content and security controls that must be considered for a CSIRT website.
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Mejía, J., Muñoz, M., Ramírez, H., Peña, A. (2016). Proposal of Content and Security Controls for a CSIRT Website. In: Rocha, Á., Correia, A., Adeli, H., Reis, L., Mendonça Teixeira, M. (eds) New Advances in Information Systems and Technologies. Advances in Intelligent Systems and Computing, vol 444. Springer, Cham. https://doi.org/10.1007/978-3-319-31232-3_40
DOI: https://doi.org/10.1007/978-3-319-31232-3_40
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-31231-6
Online ISBN: 978-3-319-31232-3
eBook Packages: Engineering, Engineering (R0)