New Guide on Cyber Security Incident Management to Support the Fight Against Cyber Attacks

By Enisa - European Network And Information Security Agency, PRNE
Tuesday, January 18, 2011

BRUSSELS and HERAKLION, Greece, January 20, 2011 - The EU's 'cyber security' Agency ENISA (the European Network and
Information Security Agency) has issued a new guide on good practice,
practical information and guidelines for the management of network and
information security incidents by Computer Emergency Response Teams (CERTs).

Recent reports of increased cyber attacks in 2010 have made the need for,
and use of, the Agency report on how to fight cyber attacks even more topical
and current. The Good practice guide for incident management focuses on the
incident handling process. Incident handling is the core service carried out
by most CERTs. This involves the detection and registration of incidents,
followed by so-called 'triage' (classifying, prioritising and assigning
incidents), incident resolution, closing and post-analysis.

    Other topics covered by the guide include:

    - basics of a CERT,
    - its mission, constituency and authority,
    - organisational framework,
    - roles within a CERT,
    - workflows,
    - internal policies,
    - cooperation with external parties,
    - outsourcing, and
    - how to present the work to the management.

Political context. ENISA has advocated that all Member States set up a
CERT, and the European Commission recently (22/11/2010) proposed the EU's
Internal Security Strategy (strategy_in_action_en.pdf), which included, for
example, the establishment of a Computer Emergency Response Team in every
Member State, to network across Europe by 2012, and one for the
EU institutions. The Agency Executive Director Prof. Udo Helmbrecht comments:

"This guide is a useful tool to support the Commission's proposal on
30/09/10 to boost Europe's defences against cyberattacks (

The Good practice guide for incident management is a follow-up to the
ENISA CERT setting-up guide. This new guide
facilitates ENISA's effort to reinforce the capabilities of national /
governmental CERTs, the 'digital fire brigades', which are one of the key
players in critical information infrastructure protection (CIIP) at
Member State level.

The target audience for the guide is the technical staff and management
of governmental and other institutions operating a Computer Emergency
Response Team (CERT) in order to protect IT infrastructure. Yet any group or
team that handles information or network security incidents can benefit from
following this guide.

Read the full report:

For interviews: Ulf Bergstrom, Spokesman, ENISA, press at, Mobile: +30-6948-460143, or Agris Belasovs, cert-relations at
