Having worked through getting ISO27001 certification for a financial institution I found its not about the software but about processes and procedures. The software is very dependent on your environment.
Thanks Fire Ant,
It's true that processes and procedures are of utmost importance but my concern is that I might need to interface the system with other CERT's applications in the future!
You should certainly have some procedures and guidelines in place when creating an incident response plan. This really does depend on your environment though. You may not need to specify any software, it could be as simple as stating that you will call a qualified forensic/investigative team. It depends how deep you want to go.
Thanks for the feedback. Actually, I am working on a project that coordinates more than one CERT, like having a main point of contact for several CERTs where incidents can be escalated to other CERTs through this unit. Back to my original question: I would need a common incident handling software application that interfaces with the others, at the moment I am visiting each CERT to create a list of products used!
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum