|
DataMuseum.dkPresents historical artifacts from the history of: DKUUG/EUUG Conference tapes |
This is an automatic "excavation" of a thematic subset of
See our Wiki for more about DKUUG/EUUG Conference tapes Excavated with: AutoArchaeologist - Free & Open Source Software. |
top - metrics - downloadIndex: T U
Length: 295945 (0x48409)
Types: TextFile
Notes: Uncompressed file
└─⟦4f9d7c866⟧ Bits:30007245 EUUGD6: Sikkerheds distributionen
└─⟦8672ea795⟧ »./papers/Misc/security-csirc.ps.Z«
└─⟦this⟧
%!PS-Adobe\r
/wpdict 120 dict def\r
wpdict begin\r
/bdef {bind def} bind def\r
\r
/bflg false def\r
/Bfont 0 def\r
/bon false def\r
\r
/psz 0 def\r
/_S /show load def\r
/_t {0 rmoveto} bdef\r
\r
/_pixelsnap\r
{transform .25 sub round .25 add\r
exch .25 sub round .25 add exch itransform\r
} bdef\r
/_pixeldsnap\r
{ dtransform round exch round exch idtransform } bdef\r
\r
/_lt {_pixelsnap lineto} bdef\r
/_rlt {_pixeldsnap rlineto} bdef\r
/_mt {_pixelsnap moveto} bdef\r
/_rmt {_pixeldsnap rmoveto} bdef\r
\r
/bshow {gsave psz 30 div 0 _rmt dup show grestore show} bdef\r
\r
/DUx 0 def\r
/DUy 0 def\r
/hscl 0 def\r
\r
/M {_mt\r
2 mul -2 2\r
{ -2 roll 0 _rmt _S } for\r
} bdef\r
\r
/makeoutl\r
{ dup /OutlineFlag known not\r
{ dup dup length 2 add dict begin\r
{1 index /FID ne { def }{ pop pop } ifelse } forall\r
/UniqueID known {/UniqueID UniqueID 10000 add def} if\r
/PaintType PaintType 0 eq { 2 }{ PaintType } ifelse def\r
/StrokeWidth 15 def\r
/OutlineFlag true def\r
/OutlineFont currentdict end definefont\r
} if\r
} bdef\r
\r
/nbuff 50 string def\r
/orntsv 0 def\r
/plen 0 def\r
/pwid 0 def\r
/picstr 1 string def\r
\r
/WPencoding StandardEncoding 256 array copy def 0\r
[ 127/Aacute/Acircumflex/Adieresis/Agrave/Aring/Atilde/Ccedilla\r
/Delta/Eacute/Ecircumflex/Edieresis/Egrave/Eth/Gamma/Iacute\r
/Icircumflex/Idieresis/Igrave/Lambda/Ntilde/Oacute\r
/Ocircumflex/Odieresis/Ograve/Omega/Otilde/Phi/Pi/Psi\r
/Scaron/Sigma/TeXtext32/Theta/Thorn\r
209/Uacute/Ucircumflex/Udieresis/Ugrave/Upsilon/Xi/Yacute\r
/Ydieresis/Zcaron/aacute/acircumflex/adieresis/agrave\r
/aring/atilde/brokenbar\r
228/ccedilla/copyright/degree/divide\r
236/dotlessj/eacute/ecircumflex/edieresis/egrave\r
242/eth/ff/ffi\r
246/ffl/iacute\r
252/icircumflex/idieresis/igrave/logicalnot\r
1/minus/mu/multiply/ntilde/oacute/ocircumflex/odieresis\r
/ograve/onehalf/onequarter/onesuperior/otilde/plusminus\r
/registered/scaron/thorn/threequarters/threesuperior\r
/trademark/twosuperior/uacute/ucircumflex/udieresis\r
/ugrave/yacute/ydieresis/zcaron\r
]\r
{ dup type /nametype eq\r
{ WPencoding 2 index 2 index put pop 1 add }\r
{ exch pop } ifelse\r
} forall pop\r
\r
/reencode\r
{ dup FontDirectory exch known\r
{ findfont }\r
{ dup nbuff cvs dup length 1 sub get 82 eq\r
{dup nbuff cvs dup length 1 sub 0 exch getinterval\r
findfont begin\r
currentdict dup length dict begin\r
{ 1 index /FID ne {def} {pop pop} ifelse } forall\r
/FontName exch def\r
\r
/Encoding WPencoding def\r
currentdict dup end end\r
/FontName get exch definefont\r
}\r
{ findfont } ifelse\r
} ifelse\r
} bdef\r
\r
/WPDLencoding StandardEncoding 256 array copy def 0\r
[ 127 /SA420000/SD630000/SF010000/SF020000/SF030000\r
/SF040000/SF050000/SF060000/SF070000/SF080000/SF090000\r
/SF100000/SF110000/SF140000/SF150000/SF160000/SF190000\r
/SF200000/SF210000/SF220000/SF230000/SF240000/SF250000/SF260000\r
/SF270000/SF280000/SF360000/SF370000/SF380000/SF390000/SF400000\r
/SF410000/SF420000/SF430000\r
209 /SF440000/SF450000/SF460000/SF470000/SF480000\r
/SF490000/SF500000/SF510000/SF520000/SF530000/SF540000\r
/SF570000/SF580000/SF590000/SF600000/SF610000\r
228 /SM570001/SM590000/SM600000/SM630000\r
236 /SM680000/SM690000/SM700000/SM750000/SM750002\r
242 /SM770000/SM790000/SP320000\r
246 /SS000000/SS010000\r
252 /SS260000/SS270000/SV040000/apostrophereverse\r
1/arrowboth/arrowdown/arrowleft/arrowright/arrowup/club\r
/deutschmark/diamond/diamondopen/exclamdbl/female\r
/fiveeighths/franc/heart/male/musicalnote/musicalnotedbl\r
/napostrophe/nsuperior/oneeighths/seveneighths/spade\r
/threeeights/underscoredbl/SM760000\r
]\r
{ dup type /nametype eq\r
{ WPDLencoding 2 index 2 index put pop 1 add }\r
{ exch pop } ifelse\r
} forall pop\r
\r
/reencodeL\r
{ dup FontDirectory exch known\r
{ findfont }\r
{ dup nbuff cvs dup length 1 sub get 76 eq\r
{ dup nbuff cvs dup length 1 sub 0 exch getinterval\r
findfont begin\r
currentdict dup length dict begin\r
{ 1 index /FID ne {def} {pop pop} ifelse } forall\r
/FontName exch def\r
/Encoding WPDLencoding def\r
currentdict dup end end\r
/FontName get exch definefont\r
}\r
{ findfont } ifelse\r
} ifelse\r
} bdef\r
\r
/ron false def\r
/sflg false def\r
/slan 0 def\r
/sp 32 def\r
\r
/sshow\r
{ save exch\r
gsave\r
psz 20 div dup neg _rmt dup show\r
grestore\r
dup\r
save exch\r
Bfont setfont\r
1 setgray show\r
restore\r
currentfont makeoutl setfont show\r
currentpoint 3 -1 roll\r
restore _mt\r
} bdef\r
\r
/Sx 0 def\r
/Sy 0 def\r
/Ux 0 def\r
/Uy 0 def\r
/W /widthshow load def\r
\r
/_B {/bflg true def\r
sflg not {/_S /bshow load def /bon true def} if\r
} bdef\r
/_b {/bflg false def\r
bon {/_S /show load def /bon false def} if\r
} bdef\r
/_bd {save} bdef\r
/_bp {save 2 setmiterlimit .06 .06 scale 0 0 _mt} bdef\r
/_ccprocs\r
{/proc2 exch cvlit def\r
/proc1 exch cvlit def\r
/newproc proc1 length proc2 length add\r
array def\r
newproc 0 proc1 putinterval\r
newproc proc1 length proc2 putinterval\r
newproc cvx\r
} def\r
/_clr {3 {255 div 3 1 roll} repeat\r
ron {6 3 roll pop pop pop} {setrgbcolor} ifelse\r
} bdef\r
/_cp /closepath load def\r
/_cw {stroke initclip _mt 0 2 index\r
_rlt 0 _rlt 0 exch neg\r
_rlt clip newpath\r
} bdef\r
/_d /setdash load def\r
/_DU {currentpoint /DUy exch def /DUx exch def} bdef\r
/_du {gsave\r
save\r
8 setlinewidth\r
currentpoint -30 add _mt\r
DUx DUy -30 add _lt stroke\r
restore\r
8 setlinewidth\r
currentpoint -50 add _mt\r
DUx DUy -50 add _lt stroke\r
grestore\r
} bdef\r
/_ed {restore} bdef\r
/_ep {restore showpage 0 0 _mt} bdef\r
/_f /eofill load def\r
/_ff { exch reencode exch\r
3 div dup /psz exch def\r
scalefont dup /Bfont exch def setfont\r
} bdef\r
/_ffs { /slan exch 10 div def /hscl exch 1000 div def\r
/psz exch 3 div def\r
[ psz hscl mul 0 slan dup sin exch cos div psz mul psz 0 0 ]\r
exch reencode exch makefont dup /Bfont exch def setfont\r
} bdef\r
/_g /setgray load def\r
/_gs {neg 100 add 100 div setgray} bdef\r
/_i {gsave\r
dup /picstr exch 7 add 8 idiv string def\r
3 1 roll translate dup 1 scale\r
dup 1 1 [5 -1 roll 0 0 1 0 0]\r
{currentfile picstr readhexstring pop} image\r
grestore\r
} bdef\r
/_is {save 4 1 roll\r
dup /picstr exch 7 add 8 idiv string def\r
3 1 roll translate dup 1 scale\r
dup 1 1 [5 -1 roll 0 0 1 0 0]\r
{currentfile picstr readhexstring pop} image\r
restore\r
} bdef\r
/_ie {1 eq { {1 exch sub} currenttransfer _ccprocs settransfer} if\r
/_isx exch def /_isy exch def\r
_isx mul exch _isy mul translate\r
add 2 div /_txc exch def\r
add 2 div /_tyc exch def\r
_txc _isx mul _tyc _isy mul translate\r
360 exch sub rotate\r
1 eq { _isx neg _isy scale }\r
{ _isx _isy scale }\r
ifelse _txc neg _tyc neg translate\r
} bdef\r
/_irms {save\r
12 1 roll\r
1 eq {{1 exch sub} currenttransfer _ccprocs settransfer} if\r
/picstr exch string def translate\r
2 index 6 index sub 2 div 2 index 6 index sub 2 div neg\r
translate\r
5 index 5 index 2 div neg exch 2 div exch\r
2 copy neg exch neg exch 5 2 roll translate\r
360 exch sub rotate\r
3 index 3 index 7 index div exch 8 index div exch scale\r
translate pop pop 2 index 2 index scale\r
3 index 0 eq\r
{ [ 3 index 0 0 5 index neg 0 0 ] }\r
{ 3 index 1 eq\r
{ [ 3 index 0 0 5 index 0 7 index ] }\r
{ 3 index 128 eq\r
{ [ 3 index neg 0 0 5 index neg 7 index 0 ] }\r
{ [ 3 index neg 0 0 5 index 7 index 7 index ] } ifelse\r
} ifelse\r
} ifelse\r
{currentfile picstr readhexstring pop} image\r
pop\r
restore\r
} bdef\r
\r
/_l {_lt} bdef\r
/_lr {_rlt} bdef\r
/_m {_mt} bdef\r
/_O {currentfont makeoutl setfont} bdef\r
/_o {Bfont setfont} bdef\r
/_ornt {/pwid exch def /plen exch def\r
orntsv 1 eq {0 pwid translate -90 rotate} if\r
orntsv 2 eq {pwid plen translate 180 rotate} if\r
orntsv 3 eq {plen 0 translate 90 rotate} if\r
dup 1 eq {pwid 0 translate 90 rotate} if\r
dup 2 eq {pwid plen translate 180 rotate} if\r
dup 3 eq {0 plen translate -90 rotate} if\r
/orntsv exch def\r
} bdef\r
/_lod1 {currentpoint orntsv plen pwid 6 -1 roll restore save} bdef\r
/_lod2 {_bp 7 2 roll _ornt _mt} bdef\r
/_unlod {currentpoint orntsv plen pwid 7 -2 roll restore restore\r
_bp 6 1 roll _ornt _mt\r
} bdef\r
/_p {2 copy _mt 1 0 _rlt _mt} bdef\r
/_pl {{_lt} repeat} bdef\r
/_R { /ron true def /_S /_rshow load def /_t /_red load def} bdef\r
/_rshow { save exch\r
currentpoint\r
/RSy exch def /RSx exch def\r
ron {\r
sflg\r
{ currentpoint\r
/Ry exch def /Rx exch def\r
dup stringwidth pop Rx Ry psz 4 div add _mt\r
Rx psz 15 add setlinewidth .95 setgray 0 setlinecap\r
add Ry psz 4 div add _lt stroke Rx Ry _mt 0 0 0 setrgbcolor\r
dup show Rx Ry _mt\r
sshow\r
}\r
{ _redshow\r
}ifelse\r
}\r
{ sflg {sshow} if\r
}ifelse\r
currentpoint 3 -1 roll\r
restore _mt\r
} bdef\r
/_red { gsave dup\r
currentpoint /Ry exch def /Rx exch def\r
Rx Ry psz 4 div add _mt\r
Rx psz 15 add setlinewidth .95 setgray 0 setlinecap\r
add Ry psz 4 div add _lt stroke\r
Rx Ry _mt\r
grestore\r
0 rmoveto\r
}bdef\r
/_redshow {currentpoint\r
/Ry exch def /Rx exch def\r
dup stringwidth pop Rx Ry psz 4 div add _mt\r
Rx psz 15 add setlinewidth .95 setgray 0 setlinecap\r
add Ry psz 4 div add _lt stroke Rx Ry _mt 0 0 0 setrgbcolor\r
show currentpoint _mt\r
}bdef\r
/_rmxy {_rmt} bdef\r
/_s /stroke load def\r
/_SH bon {/bon false def} if\r
{/sflg true def /_S /_rshow load def\r
} bdef\r
/_sh { ron {/sflg false def bflg {_B} if}\r
{/_S /show load def /sflg false def bflg {_B} if}ifelse\r
}bdef\r
/_sp { gsave stroke grestore } bdef\r
/_ST {currentpoint /Sy exch def /Sx exch def} bdef\r
/_st {gsave\r
currentpoint pop\r
Sx dup Sy _mt sub\r
(\320) stringwidth pop div\r
dup floor cvi dup\r
dup 0 gt {{(\320) show} repeat}{pop} ifelse sub\r
dup 0 gt {1 scale (\320) show}{pop} ifelse\r
grestore\r
} bdef\r
/_U {currentpoint /Uy exch def /Ux exch def} bdef\r
/_u {gsave\r
currentpoint\r
-30 add _mt\r
Ux Uy -30 add _lt\r
12 setlinewidth\r
stroke\r
grestore\r
} bdef\r
/_w /setlinewidth load def\r
end\r
/#copies 1 def /wpdict2 100 dict def\r
wpdict begin wpdict2 begin\r\r
_bd\r
/_rhs{readhexstring}bdef/_tr{translate}bdef\r
/_ix{index}bdef/_mx{matrix}bdef\r
/ife{ifelse}bdef/_x{exch}bdef\r
/_is{save 4 1 roll\r
dup/picstr _x 7 add 8 idiv string def\r
3 1 roll _tr dup 1 scale\r
dup 1 1[5 -1 roll 0 0 1 0 0]\r
{currentfile picstr _rhs pop}image restore}bdef\r
/_epsi{1 eq{{1 _x sub}currenttransfer _ccprocs settransfer}if\r
/yp _x def/xp _x def/dhgt _x def/dwid _x def\r
4 copy sub/swid _x def\r
sub/shgt _x def\r
add 2 div/icx _x def add 2 div/icy _x def\r
xp dwid 2 div add icx sub yp dhgt 2 div sub\r
icy sub _tr icx icy _tr\r
360 _x sub rotate\r
dwid swid div/xsc _x def _x\r
dhgt shgt div/ysc _x def _x\r
dup 1 eq{xsc neg/xsc _x def pop}\r
{dup 2 eq{ysc neg /ysc _x def pop}\r
{3 eq{ysc neg/ysc _x def xsc neg/xsc _x def}\r
{}ife}ife}ife\r
xsc ysc scale\r
100 div _x 100 div _x scale\r
icx neg icy neg _tr}bdef\r
/_c{3{255 div 3 1 roll}repeat setrgbcolor}bdef\r
/eq3{3 copy 2 _ix eq{eq{true}{false}ife}{pop\r
pop false}ife}bdef\r
/g{255 div setgray}bdef\r
/_clr{ron{6 3 roll pop pop pop}{eq3{pop\r
pop g}{_c}ife}ife}bdef\r
/_r{/ron false def eq3{1 sub neg g pop\r
pop}{setrgbcolor}ife}bdef\r
/_ircms{save 15 1 roll\r
1 eq{{1 exch sub}currenttransfer _ccprocs settransfer}if\r
/pstr _x string def _tr\r
/Cli _x def/USy _x def/USx _x def/Rot _x def/HTd _x def\r
/WDd _x def/Bdep _x def/HTs _x def/WDs _x def/MIR _x def\r
USx 100 div USy 100 div scale\r
WDd WDs sub 2 div HTd HTs sub 2 div neg _tr\r
WDs HTs 2 div neg _x 2 div _x _tr\r
Rot 360 _x sub rotate WDd HTd HTs div _x WDs div _x scale\r
WDs 2 div neg HTs 2 div _tr\r
WDs HTs scale WDs HTs Bdep MIR 0\r
eq{[WDs 0 0 HTs neg 0 0]}{MIR 1 eq{[WDs 0 0 HTs 0 HTs]}\r
{MIR 128 eq{[WDs neg 0 0 HTs neg WDs 0]}\r
{[WDs neg 0 0 HTs WDs HTs]}ife}ife}ife\r
{currentfile pstr _rhs pop}Cli\r
0 eq{image}{false 3 colorimage}ife\r
restore}bdef\r
/_bp{save 2 setlinecap 2 setmiterlimit\r
.06 .06 scale 0 0 moveto}bdef\r
/tctm _mx def/trot _mx def/tscale _mx def/rmtx _mx def\r
/fr{72 0 rmtx defaultmatrix dtransform\r
/yres _x def/xres _x def\r
xres dup mul yres dup mul add sqrt}bdef\r
/sus{/spotf _x def/sang _x def/csz _x def\r
/m tctm currentmatrix def/rm sang trot rotate def\r
/sm csz dup tscale scale def\r
sm rm m m concatmatrix m concatmatrix pop\r
1 0 m dtransform /y1 _x def/x1 _x def\r
/veclength x1 dup mul y1 dup mul add sqrt def\r
/frcy fr veclength div def /nsang y1 x1 atan def\r
frcy nsang/spotf load setscreen}bdef\r
/bitis{/ybit _x def /xbit _x def\r
/bval bstring ybit bwidth mul xbit 8 idiv add get def\r
/mask 1 7 xbit 8 mod sub bitshift def\r
bval mask and 0 ne}bdef\r
/bps{/y _x def /x _x def\r
/xndx x 1 add 2 div bpside mul cvi def\r
/yndx y 1 add 2 div bpside mul cvi def\r
xndx yndx bitis\r
{/onb onb 1 add def 1}{/ofb ofb 1 add def 0}ife}bdef\r
/stpatt{/csz _x def /angle _x def /bwidth _x def\r
/bpside _x def /bstring _x def\r
/onb 0 def /ofb 0 def\r
csz angle /bps load\r
sus{}settransfer\r
ofb ofb onb add div _g}bdef\r
/_fp{8 1 0 cpi stpatt}bdef\r
/_pf{gsave eofill grestore}bdef\r
/_np{newpath}bdef/_lc{setlinecap}bdef\r
/_sr{/cpi _x def}bdef\r
/nbuff 50 string def\r
letter _bp 0 13200 10200 _ornt /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
gsave 8 8 scale 8 _sr \r
_s [] 0 _d 2 _lc 0 g 59 225 172 1440 _cw \r
172 1499 226 _is FF801FFFFFFFFFFFC000FE000FFFFC000000000000000000000000003F\r
172 1498 226 _is FC0007FFFFFFFFFFC000FE000FFFE0000000000000000000000000003F\r
172 1497 226 _is F80001FFFFFFFFFFC000FE000FFFC0000000000000000000000000003F\r
172 1496 226 _is E00000FFFFFFFFFFC000FE000FFF00000000000000000000000000003F\r
172 1495 226 _is E000003FFFFFFFFFC000FE000FFE00000000000000000000000000003F\r
172 1494 226 _is C000003FFFFFFFFFC000FE000FFC00000000000000000000000000003F\r
172 1493 226 _is 8000003FFFFFFFFFC000FE000FF800000000000000000000000000003F\r
172 1492 226 _is 0000000FFFFFFFFFC000FE000FF000000000000000000000000000003F\r
172 1491 226 _is 00000007FFFFFFFFC000FE000FF000000000000000000000000000003F\r
172 1490 226 _is 00000003FFFFFFFFC000FE000FE000000000000000000000000000003F\r
172 1489 226 _is 00000003FFFFFFFFC000FE000FE000000000000000000000000000003F\r
172 1488 226 _is 00000000FFFFFFFFC000FE000FE000000000000000000000000000003F\r
172 1487 226 _is 000000007FFFFFFFC000FE000FE000000000000000000000000000003F\r
172 1486 226 _is 000000007FFFFFFFC000FE000FC000000000000000000000000000003F\r
172 1485 201 _is 000700003FFFFFFFC000FE000FC0001FFFFFFFFFFFFFFFE0007F\r
172 1484 201 _is 000780000FFFFFFFC000FE000FC0007FFFFFFFFFFFFFFFE0007F\r
172 1483 201 _is 0007E00007FFFFFFC000FE000FC0007FFFFFFFFFFFFFFFE0007F\r
172 1482 201 _is 0007F00007FFFFFFC000FE000FC0007FFFFFFFFFFFFFFFE0007F\r
172 1481 201 _is 0007F00003FFFFFFC000FE000FC0007FFFFFFFFFFFFFFFE0007F\r
172 1480 201 _is 0007F80000FFFFFFC000FE000FC0007FFFFFFFFFFFFFFFE0007F\r
172 1479 201 _is 0007FE0000FFFFFFC000FE000FC0007FFFFFFFFFFFFFFFE0007F\r
172 1478 201 _is 0007FE00007FFFFFC000FE000FC0001FFFFFFFFFFFFFFFE0007F\r
172 1477 201 _is 0007FF00003FFFFFC000FE000FC000000000000000FFFFE0007F\r
172 1476 201 _is 0007FF80001FFFFFC000FE000FE0000000000000001FFFE0007F\r
172 1475 201 _is 0007FFC0000FFFFFC000FE000FE0000000000000000FFFE0007F\r
172 1474 201 _is 0007FFE00007FFFFC000FE000FE00000000000000003FFE0007F\r
172 1473 201 _is 0007FFF00001FFFFC000FE000FE00000000000000001FFE0007F\r
172 1472 201 _is 0007FFF80001FFFFC000FE000FF00000000000000000FFE0007F\r
172 1471 201 _is 0007FFFC0000FFFFC000FE000FF000000000000000007FE0007F\r
172 1470 201 _is 0007FFFC0000FFFFC000FE000FF000000000000000007FE0007F\r
172 1469 201 _is 0007FFFE00007FFFC000FE000FF800000000000000003FE0007F\r
172 1468 201 _is 0007FFFF00003FFFC000FE000FFC00000000000000003FE0007F\r
172 1467 201 _is 0007FFFF80001FFFC000FE000FFE00000000000000003FE0007F\r
172 1466 201 _is 0007FFFFC0000FFFC000FE000FFF00000000000000001FE0007F\r
172 1465 201 _is 0007FFFFE00007FFC000FE000FFFC0000000000000001FE0007F\r
172 1464 201 _is 0007FFFFF00003FFC000FE000FFFE0000000000000001FE0007F\r
172 1463 201 _is 0007FFFFF80001FFC000FE000FFFFC000000000000000FE0007F\r
172 1462 201 _is 0007FFFFFC0000FFC000FE000FFFFFFFFFFFFFFFE0000FE0007F\r
172 1461 201 _is 0007FFFFFE00007FC000FE000FFFFFFFFFFFFFFFF8000FE0007F\r
172 1460 201 _is 0007FFFFFF00003FC000FE000FFFFFFFFFFFFFFFF8000FE0007F\r
172 1459 201 _is 0007FFFFFF80001FC000FE000FFFFFFFFFFFFFFFF8000FE0007F\r
172 1458 201 _is 0007FFFFFFC0000FC000FE000FFFFFFFFFFFFFFFF8000FE0007F\r
172 1457 201 _is 0007FFFFFFE0000FC000FE000FFFFFFFFFFFFFFFF8000FE0007F\r
172 1456 201 _is 0007FFFFFFE00003C000FE000FFFFFFFFFFFFFFFF8000FE0007F\r
172 1455 201 _is 0007FFFFFFF80001C000FE0007FFFFFFFFFFFFFFE0000FE0007F\r
172 1454 201 _is 0007FFFFFFFC00000000FE00000000000000000000000FE0007F\r
172 1453 201 _is 0007FFFFFFFE00000000FE00000000000000000000001FE0007F\r
172 1452 201 _is 0007FFFFFFFE00000000FE00000000000000000000001FE0007F\r
172 1451 201 _is 0007FFFFFFFF80000000FE00000000000000000000001FE0007F\r
172 1450 201 _is 0007FFFFFFFFC0000000FF00000000000000000000003FE0007F\r
172 1449 201 _is 0007FFFFFFFFC0000001FF80000000000000000000003FE0007F\r
172 1448 201 _is 0007FFFFFFFFE0000001FF80000000000000000000003FE0007F\r
172 1447 201 _is 0007FFFFFFFFF8000003FFC0000000000000000000007FE0007F\r
172 1446 201 _is 0007FFFFFFFFF8000007FFE000000000000000000000FFE0007F\r
172 1445 201 _is 0007FFFFFFFFF8000007FFF000000000000000000001FFE0007F\r
172 1444 201 _is 0007FFFFFFFFFE00000FFFF800000000000000000003FFE0007F\r
172 1443 201 _is 0007FFFFFFFFFF00001FFFFC0000000000000000000FFFE0007F\r
172 1442 201 _is 0007FFFFFFFFFFC0003FFFFF0000000000000000001FFFE0007F\r
172 1441 201 _is 0007FFFFFFFFFFF003FFFFFFE00000000000000000FFFFE0007F\r
172 1440 201 _is 0007FFFFFFFFFFF003FFFFFFE00000000000000000FFFFE0007F\r
\r
_s 0 g 0 0 0 0 _cw \r
_s grestore 3072 9703 _m\r
/Times-BoldR 900 _ff\r
(Establishing)_S 100 _t\r(a)_S 100 _t\r(Computer)_S 100 _t\r(Security)_S 3371 9303 _m\r
(Incident)_S 100 _t\r(Response)_S 100 _t\r(Capability)_S 4713 8903 _m\r
(\(CSIRC\))_S /Times-BoldR 580 _ff\r
/Times-RomanR 580 _ff\r
4730 6684 _m\r
(John)_S 64 _t\r(P.)_S 64 _t\r(Wack)_S 4078 6413 _m\r
(Computer)_S 64 _t\r(Systems)_S 64 _t\r(Laboratory)_S 3407 6142 _m\r
(National)_S 64 _t\r(Institute)_S 64 _t\r(of)_S 64 _t\r(Standards)_S 64 _t\r(and)_S 64 _t\r(Technology)_S 3579 3119 _m\r
/Times-BoldR 750 _ff\r
(NIST)_S 83 _t\r(Special)_S 83 _t\r(Publication)_S 83 _t\r(800-3)_S 4402 2439 _m\r
(November,)_S 83 _t\r(1991)_S /Times-RomanR 580 _ff\r
_ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
_ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
7489 12220 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
1380 10682 _m\r
/Times-RomanR 900 _ff\r
(Establishing)_S 100 _t\r(a)_S 100 _t\r(Computer)_S 100 _t\r(Security)_S 100 _t\r(Incident)_S 100 _t\r(Response)_S 100 _t\r(Capability)_S /Times-RomanR 580 _ff\r
4747 10282 _m\r
/Times-RomanR 900 _ff\r
(\(CSIRC\))_S /Times-RomanR 580 _ff\r
4672 9328 _m\r
/Helvetica-BoldR 900 _ff\r
(Abstract)_S 1831 8618 _m\r
/Times-RomanR 580 _ff\r
(Government)_S 64 _t\r(agencies)_S 64 _t\r(and)_S 64 _t\r(other)_S 64 _t\r(organizations)_S 64 _t\r(have)_S 64 _t\r(begun)_S 64 _t\r(to)_S 64 _t\r(augment)_S 64 _t\r(their)_S 64 _t\r(computer)_S 64 _t\r(secu-)_S 1380 8347 _m\r
(rity)_S 64 _t\r(efforts)_S 64 _t\r(because)_S 64 _t\r(of)_S 64 _t\r(increased)_S 64 _t\r(threats)_S 64 _t\r(to)_S 64 _t\r(computer)_S 64 _t\r(security.)_S 128 _t\r(Incidents)_S 64 _t\r(involving)_S 64 _t\r(these)_S 64 _t\r(threats,)_S 1380 8076 _m\r
(including)_S 64 _t\r(computer)_S 64 _t\r(viruses,)_S 64 _t\r(malicious)_S 64 _t\r(user)_S 64 _t\r(activity,)_S 64 _t\r(and)_S 64 _t\r(vulnerabilities)_S 64 _t\r(associated)_S 64 _t\r(with)_S 64 _t\r(high)_S 64 _t\r(tech-)_S 1380 7805 _m\r
(nology,)_S 64 _t\r(require)_S 64 _t\r(a)_S 64 _t\r(skilled)_S 64 _t\r(and)_S 64 _t\r(rapid)_S 64 _t\r(response)_S 64 _t\r(before)_S 64 _t\r(they)_S 64 _t\r(can)_S 64 _t\r(cause)_S 64 _t\r(significant)_S 64 _t\r(damage.)_S 128 _t\r(These)_S 1380 7534 _m\r
(increased)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(efforts,)_S 64 _t\r(described)_S 64 _t\r(here)_S 64 _t\r(as)_S 64 _t\r(Computer)_S 64 _t\r(Security)_S 64 _t\r(Incident)_S 64 _t\r(Response)_S 64 _t\r(Ca-)_S 1380 7263 _m\r
(pabilities)_S 64 _t\r(\(CSIRCs\),)_S 64 _t\r(have)_S 64 _t\r(as)_S 64 _t\r(a)_S 64 _t\r(primary)_S 64 _t\r(focus)_S 64 _t\r(the)_S 64 _t\r(goal)_S 64 _t\r(of)_S 64 _t\r(reacting)_S 64 _t\r(quickly)_S 64 _t\r(and)_S 64 _t\r(efficiently)_S 64 _t\r(to)_S 64 _t\r(com-)_S 1380 6992 _m\r
(puter)_S 64 _t\r(security)_S 64 _t\r(incidents.)_S 128 _t\r(CSIRC)_S 64 _t\r(efforts)_S 64 _t\r(provide)_S 64 _t\r(agencies)_S 64 _t\r(with)_S 64 _t\r(a)_S 64 _t\r(centralized)_S 64 _t\r(and)_S 64 _t\r(cost-effective)_S 1380 6721 _m\r
(approach)_S 64 _t\r(to)_S 64 _t\r(handling)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(incidents)_S 64 _t\r(so)_S 64 _t\r(that)_S 64 _t\r(future)_S 64 _t\r(problems)_S 64 _t\r(can)_S 64 _t\r(be)_S 64 _t\r(efficiently)_S 64 _t\r(re-)_S 1380 6450 _m\r
(solved)_S 64 _t\r(and)_S 64 _t\r(prevented.)_S 1831 5908 _m\r
(While)_S 64 _t\r(the)_S 64 _t\r(risks)_S 64 _t\r(to)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(have)_S 64 _t\r(increased,)_S 64 _t\r(agencies)_S 64 _t\r(have)_S 64 _t\r(also)_S 64 _t\r(become)_S 64 _t\r(more)_S 64 _t\r(de-)_S 1380 5637 _m\r
(pendent)_S 64 _t\r(on)_S 64 _t\r(computers.)_S 128 _t\r(Many)_S 64 _t\r(systems)_S 64 _t\r(in)_S 64 _t\r(widespread)_S 64 _t\r(use)_S 64 _t\r(today)_S 64 _t\r(do)_S 64 _t\r(not)_S 64 _t\r(contain)_S 64 _t\r(safeguards)_S 64 _t\r(to)_S 1380 5366 _m\r
(guarantee)_S 64 _t\r(protection)_S 64 _t\r(from)_S 64 _t\r(these)_S 64 _t\r(threats.)_S 128 _t\r(Additionally,)_S 64 _t\r(as)_S 64 _t\r(systems)_S 64 _t\r(become)_S 64 _t\r(more)_S 64 _t\r(complex,)_S 64 _t\r(they)_S 64 _t\r(are)_S 1380 5095 _m\r
(more)_S 64 _t\r(prone)_S 64 _t\r(to)_S 64 _t\r(vulnerabilities)_S 64 _t\r(that)_S 64 _t\r(can)_S 64 _t\r(increase)_S 64 _t\r(the)_S 64 _t\r(risk)_S 64 _t\r(of)_S 64 _t\r(malicious)_S 64 _t\r(exploitation.)_S 128 _t\r(Due)_S 64 _t\r(to)_S 64 _t\r(greater)_S 1380 4824 _m\r
(availability)_S 64 _t\r(of)_S 64 _t\r(computers,)_S 64 _t\r(users)_S 64 _t\r(are)_S 64 _t\r(often)_S 64 _t\r(de)_S 64 _t\r(facto)_S 64 _t\r(system)_S 64 _t\r(managers,)_S 64 _t\r(however)_S 64 _t\r(many)_S 64 _t\r(have)_S 64 _t\r(neither)_S 1380 4553 _m\r
(the)_S 64 _t\r(requisite)_S 64 _t\r(skills)_S 64 _t\r(nor)_S 64 _t\r(time)_S 64 _t\r(to)_S 64 _t\r(manage)_S 64 _t\r(their)_S 64 _t\r(systems)_S 64 _t\r(effectively.)_S 128 _t\r(These)_S 64 _t\r(factors)_S 64 _t\r(make)_S 64 _t\r(it)_S 64 _t\r(clear)_S 64 _t\r(that)_S 1380 4282 _m\r
(agencies)_S 64 _t\r(need)_S 64 _t\r(to)_S 64 _t\r(augment)_S 64 _t\r(their)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(capabilities)_S 64 _t\r(before)_S 64 _t\r(they)_S 64 _t\r(suffer)_S 64 _t\r(from)_S 64 _t\r(serious)_S 1380 4011 _m\r
(computer)_S 64 _t\r(security)_S 64 _t\r(problems)_S 64 _t\r(that)_S 64 _t\r(can)_S 64 _t\r(harm)_S 64 _t\r(their)_S 64 _t\r(missions,)_S 64 _t\r(result)_S 64 _t\r(in)_S 64 _t\r(significant)_S 64 _t\r(expense,)_S 64 _t\r(and)_S 64 _t\r(tar-)_S 1380 3740 _m\r
(nish)_S 64 _t\r(their)_S 64 _t\r(images.)_S 1831 3198 _m\r
(A)_S 64 _t\r(CSIRC)_S 64 _t\r(can)_S 64 _t\r(help)_S 64 _t\r(agencies)_S 64 _t\r(resolve)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(problems)_S 64 _t\r(in)_S 64 _t\r(a)_S 64 _t\r(way)_S 64 _t\r(that)_S 64 _t\r(is)_S 64 _t\r(both)_S 64 _t\r(effi-)_S 1380 2927 _m\r
(cient)_S 64 _t\r(and)_S 64 _t\r(cost-effective.)_S 128 _t\r(Combined)_S 64 _t\r(with)_S 64 _t\r(policies)_S 64 _t\r(for)_S 64 _t\r(centralized)_S 64 _t\r(reporting,)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(can)_S 64 _t\r(reduce)_S 1380 2656 _m\r
(waste)_S 64 _t\r(and)_S 64 _t\r(duplication)_S 64 _t\r(while)_S 64 _t\r(providing)_S 64 _t\r(a)_S 64 _t\r(better)_S 64 _t\r(posture)_S 64 _t\r(against)_S 64 _t\r(potentially)_S 64 _t\r(devastating)_S 64 _t\r(threats.)_S 128 _t\r(A)_S 1380 2383 _m\r
(CSIRC)_S 64 _t\r(is)_S 64 _t\r(a)_S 64 _t\r/Times-ItalicR 580 _ff\r
(proactive)_S /Times-RomanR 580 _ff\r
64 _t\r(approach)_S 64 _t\r(to)_S 64 _t\r(computer)_S 64 _t\r(security,)_S 64 _t\r(one)_S 64 _t\r(that)_S 64 _t\r(combines)_S 64 _t\r(reactive)_S 64 _t\r(capabilities)_S 64 _t\r(with)_S 1380 2111 _m\r
(active)_S 64 _t\r(steps)_S 64 _t\r(to)_S 64 _t\r(prevent)_S 64 _t\r(future)_S 64 _t\r(incidents)_S 64 _t\r(from)_S 64 _t\r(occurring.)_S 5199 893 _m\r
(iii)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
1020 12223 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
3595 4442 _m\r
/Helvetica-BoldR 900 _ff\r
(Acknowledgments)_S /Times-RomanR 580 _ff\r
2220 3861 _m\r
(Many)_S 64 _t\r(people)_S 64 _t\r(contributed)_S 64 _t\r(to)_S 64 _t\r(versions)_S 64 _t\r(of)_S 64 _t\r(this)_S 64 _t\r(document)_S 64 _t\r(and)_S 64 _t\r(provided)_S 2220 3590 _m\r
(valuable)_S 64 _t\r(support.)_S 128 _t\r(NIST)_S 64 _t\r(would)_S 64 _t\r(especially)_S 64 _t\r(like)_S 64 _t\r(to)_S 64 _t\r(recognize)_S 64 _t\r(the)_S 64 _t\r(ef-)_S 2220 3319 _m\r
(forts)_S 64 _t\r(of)_S 64 _t\r(E.)_S 64 _t\r(Eugene)_S 64 _t\r(Schultz)_S 64 _t\r(of)_S 64 _t\r(DOE's)_S 64 _t\r(CIAC)_S 64 _t\r(and)_S 64 _t\r(Kenneth)_S 64 _t\r(R.)_S 64 _t\r(van)_S 2220 3048 _m\r
(Wyk)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(CERT/CC,)_S 64 _t\r(who)_S 64 _t\r(commented)_S 64 _t\r(on)_S 64 _t\r(drafts)_S 64 _t\r(of)_S 64 _t\r(this)_S 64 _t\r(document)_S 2220 2777 _m\r
(and)_S 64 _t\r(provided)_S 64 _t\r(valuable)_S 64 _t\r(insight)_S 64 _t\r(into)_S 64 _t\r(the)_S 64 _t\r(many)_S 64 _t\r(issues)_S 64 _t\r(involved)_S 64 _t\r(in)_S 2220 2506 _m\r
(incident)_S 64 _t\r(handling.)_S 4845 893 _m\r
(iv)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
/HelveticaR 900 _ff\r
7489 12220 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /HelveticaR 900 _ff\r
1380 11483 _m\r
/Helvetica-BoldR 900 _ff\r
(Table)_S 100 _t\r(of)_S 100 _t\r(Contents)_S 1380 10773 _m\r
/Times-RomanR 580 _ff\r
(1.)_S 1831 10773 _m\r
(Introduction)_S 2953 10773 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8955 10773 _m\r
128 _t\r(1)_S 1831 10502 _m\r
(1.1)_S 2268 10502 _m\r
(Purpose)_S 3065 10502 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8955 10502 _m\r
128 _t\r(1)_S 1831 10231 _m\r
(1.2)_S 2268 10231 _m\r
(Audience)_S 3177 10231 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8955 10231 _m\r
128 _t\r(1)_S 1831 9960 _m\r
(1.3)_S 2268 9960 _m\r
(Basic)_S 64 _t\r(Terms)_S 3402 9960 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8955 9960 _m\r
128 _t\r(1)_S 1831 9689 _m\r
(1.4)_S 2268 9689 _m\r
(Structure)_S 64 _t\r(of)_S 64 _t\r(this)_S 64 _t\r(Document)_S 4525 9689 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8955 9689 _m\r
128 _t\r(2)_S 1380 9147 _m\r
(2.)_S 1831 9147 _m\r
(CSIRC)_S 64 _t\r(Overview)_S 3290 9147 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8955 9147 _m\r
128 _t\r(3)_S 1831 8876 _m\r
(2.1)_S 2268 8876 _m\r
(Traditional)_S 64 _t\r(Agency)_S 64 _t\r(Computer)_S 64 _t\r(Security)_S 64 _t\r(Efforts)_S 6098 8876 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8955 8876 _m\r
128 _t\r(3)_S 1831 8605 _m\r
(2.2)_S 2268 8605 _m\r
(The)_S 64 _t\r(Changing)_S 64 _t\r(Threat)_S 64 _t\r(Environment)_S 5199 8605 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8955 8605 _m\r
128 _t\r(3)_S 1831 8334 _m\r
(2.3)_S 2268 8334 _m\r
(The)_S 64 _t\r(Need)_S 64 _t\r(for)_S 64 _t\r(CSIR)_S 64 _t\r(Capability)_S 4862 8334 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8955 8334 _m\r
128 _t\r(4)_S 1831 8063 _m\r
(2.4)_S 2268 8063 _m\r
(The)_S 64 _t\r(CSIRC)_S 64 _t\r(Concept)_S 4076 8063 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8955 8063 _m\r
128 _t\r(5)_S 1831 7792 _m\r
(2.5)_S 2268 7792 _m\r
(CSIRC)_S 64 _t\r(Constituency)_S 64 _t\r(and)_S 64 _t\r(Technology)_S 64 _t\r(Focus)_S 5873 7792 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8955 7792 _m\r
128 _t\r(6)_S 1831 7521 _m\r
(2.6)_S 2268 7521 _m\r
(Proactive)_S 64 _t\r(vs.)_S 64 _t\r(Reactive)_S 64 _t\r(Nature)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 5761 7521 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8955 7521 _m\r
128 _t\r(6)_S 1831 7250 _m\r
(2.7)_S 2268 7250 _m\r
(CSIRC)_S 64 _t\r(Relationship)_S 64 _t\r(to)_S 64 _t\r(Current)_S 64 _t\r(Agency)_S 64 _t\r(Security)_S 64 _t\r(Efforts)_S 6884 7250 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8955 7250 _m\r
128 _t\r(6)_S 1831 6979 _m\r
(2.8)_S 2268 6979 _m\r
(Early)_S 64 _t\r(Agency)_S 64 _t\r(CSIRC)_S 64 _t\r(Efforts)_S 4750 6979 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8955 6979 _m\r
128 _t\r(7)_S 1380 6437 _m\r
(3.)_S 1831 6437 _m\r
(Issues)_S 64 _t\r(in)_S 64 _t\r(Establishing)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 4413 6437 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8955 6437 _m\r
128 _t\r(9)_S 1831 6166 _m\r
(3.1)_S 2268 6166 _m\r
(Determining)_S 64 _t\r(CSIR)_S 64 _t\r(Goals)_S 4413 6166 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8955 6166 _m\r
128 _t\r(9)_S 1831 5895 _m\r
(3.2)_S 2268 5895 _m\r
(Defining)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(Constituency)_S 5087 5895 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8923 5895 _m\r
64 _t\r(10)_S 2003 5624 _m\r
(3.2.1)_S 64 _t\r(Constituency)_S 64 _t\r(Communications)_S 64 _t\r(Issues)_S 5536 5624 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8923 5624 _m\r
64 _t\r(10)_S 2003 5353 _m\r
(3.2.2)_S 64 _t\r(Formal)_S 64 _t\r(and)_S 64 _t\r(Informal)_S 64 _t\r(Constituency)_S 5312 5353 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8923 5353 _m\r
64 _t\r(10)_S 1831 5082 _m\r
(3.3)_S 2268 5082 _m\r
(Determining)_S 64 _t\r(the)_S 64 _t\r(Structure)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(Effort)_S 6098 5082 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8923 5082 _m\r
64 _t\r(11)_S 2003 4811 _m\r
(3.3.1)_S 64 _t\r(Centralized,)_S 64 _t\r(Distinct)_S 64 _t\r(Organization)_S 5312 4811 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8923 4811 _m\r
64 _t\r(11)_S 2003 4540 _m\r
(3.3.2)_S 64 _t\r(Decentralized,)_S 64 _t\r(Distributed)_S 64 _t\r(Organization)_S 5649 4540 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8923 4540 _m\r
64 _t\r(11)_S 1831 4269 _m\r
(3.4)_S 2268 4269 _m\r
(Management)_S 64 _t\r(Support)_S 64 _t\r(and)_S 64 _t\r(Funding)_S 5087 4269 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8923 4269 _m\r
64 _t\r(12)_S 2003 3998 _m\r
(3.4.1)_S 64 _t\r(Funding)_S 64 _t\r(and)_S 64 _t\r(Staffing)_S 64 _t\r(Issues)_S 4750 3998 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8923 3998 _m\r
64 _t\r(12)_S 2003 3727 _m\r
(3.4.2)_S 64 _t\r(Effecting)_S 64 _t\r(Centralized)_S 64 _t\r(Reporting)_S 64 _t\r(of)_S 64 _t\r(Incidents)_S 6098 3727 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8923 3727 _m\r
64 _t\r(13)_S 1831 3456 _m\r
(3.5)_S 2268 3456 _m\r
(Creating)_S 64 _t\r(a)_S 64 _t\r(Charter)_S 3851 3456 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8923 3456 _m\r
64 _t\r(13)_S 2003 3185 _m\r
(3.5.1)_S 64 _t\r(Legal)_S 64 _t\r(Issues)_S 64 _t\r(in)_S 64 _t\r(Determining)_S 64 _t\r(a)_S 64 _t\r(Charter)_S 5649 3185 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8923 3185 _m\r
64 _t\r(13)_S 2003 2914 _m\r
(3.5.2)_S 64 _t\r(Components)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(Charter)_S 5199 2914 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8923 2914 _m\r
64 _t\r(14)_S 1831 2643 _m\r
(3.6)_S 2268 2643 _m\r
(Creating)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(Operations)_S 64 _t\r(Handbook)_S 5649 2643 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8923 2643 _m\r
64 _t\r(14)_S 1831 2372 _m\r
(3.7)_S 2268 2372 _m\r
(CSIRC)_S 64 _t\r(Staffing)_S 64 _t\r(Issues)_S 4188 2372 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8923 2372 _m\r
64 _t\r(15)_S 2003 2101 _m\r
(3.7.1)_S 64 _t\r(CSIRC)_S 64 _t\r(Coordinator)_S 4076 2101 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8923 2101 _m\r
64 _t\r(15)_S 2003 1830 _m\r
(3.7.2)_S 64 _t\r(Technical)_S 64 _t\r(Staff)_S 3739 1830 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8923 1830 _m\r
64 _t\r(16)_S 2003 1559 _m\r
(3.7.3)_S 64 _t\r(Other)_S 64 _t\r(Support)_S 64 _t\r(Staff)_S 4076 1559 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8923 1559 _m\r
64 _t\r(16)_S 5232 893 _m\r
(v)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
1020 12223 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
1643 11578 _m\r
(3.7.4)_S 64 _t\r(Requirements)_S 64 _t\r(for)_S 64 _t\r(Clearances)_S 4502 11578 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 11578 _m\r
64 _t\r(17)_S 1643 11307 _m\r
(3.7.5)_S 64 _t\r(Avoiding)_S 64 _t\r(Burn-Out)_S 3716 11307 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 11307 _m\r
64 _t\r(17)_S 1020 10765 _m\r
(4.)_S 1471 10765 _m\r
(CSIRC)_S 64 _t\r(Operational)_S 64 _t\r(Issues)_S 64 _t\r(and)_S 64 _t\r(Activities)_S 4839 10765 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 10765 _m\r
64 _t\r(19)_S 1471 10494 _m\r
(4.1)_S 1908 10494 _m\r
(Communications)_S 64 _t\r(with)_S 64 _t\r(the)_S 64 _t\r(Constituency)_S 5176 10494 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 10494 _m\r
64 _t\r(19)_S 1643 10223 _m\r
(4.1.1)_S 64 _t\r(Issuing)_S 64 _t\r(a)_S 64 _t\r(Press)_S 64 _t\r(Release)_S 4053 10223 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 10223 _m\r
64 _t\r(19)_S 1643 9952 _m\r
(4.1.2)_S 64 _t\r(Setting)_S 64 _t\r(Up)_S 64 _t\r(a)_S 64 _t\r(Hotline)_S 64 _t\r(Capability)_S 4727 9952 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 9952 _m\r
64 _t\r(20)_S 1643 9681 _m\r
(4.1.3)_S 64 _t\r(Setting)_S 64 _t\r(Up)_S 64 _t\r(Alert)_S 64 _t\r(Mechanisms)_S 4615 9681 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 9681 _m\r
64 _t\r(20)_S 1643 9410 _m\r
(4.1.4)_S 64 _t\r(Use)_S 64 _t\r(of)_S 64 _t\r(an)_S 64 _t\r(Information)_S 64 _t\r(Repository)_S 4839 9410 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 9410 _m\r
64 _t\r(21)_S 1471 9139 _m\r
(4.2)_S 1908 9139 _m\r
(Logging)_S 64 _t\r(Information)_S 3716 9139 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 9139 _m\r
64 _t\r(21)_S 1643 8868 _m\r
(4.2.1)_S 64 _t\r(Contact)_S 64 _t\r(Information)_S 3828 8868 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 8868 _m\r
64 _t\r(21)_S 1643 8597 _m\r
(4.2.2)_S 64 _t\r(Activity)_S 64 _t\r(Logs)_S 3267 8597 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 8597 _m\r
64 _t\r(22)_S 1643 8326 _m\r
(4.2.3)_S 64 _t\r(Incident)_S 64 _t\r(Logs)_S 3267 8326 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 8326 _m\r
64 _t\r(22)_S 1643 8055 _m\r
(4.2.4)_S 64 _t\r(Information)_S 64 _t\r(Maintenance)_S 4165 8055 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 8055 _m\r
64 _t\r(23)_S 1471 7784 _m\r
(4.3)_S 1908 7784 _m\r
(Incident)_S 64 _t\r(Notification)_S 64 _t\r(Issues)_S 4165 7784 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 7784 _m\r
64 _t\r(23)_S 1643 7513 _m\r
(4.3.1)_S 64 _t\r(Identifying)_S 64 _t\r(the)_S 64 _t\r(Existence)_S 64 _t\r(of)_S 64 _t\r(an)_S 64 _t\r(Incident)_S 64 _t\r(and)_S 64 _t\r(its)_S 64 _t\r(Scope)_S 6524 7513 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 7513 _m\r
64 _t\r(23)_S 1643 7242 _m\r
(4.3.2)_S 64 _t\r(Notifying)_S 64 _t\r(Appropriate)_S 64 _t\r(Agency)_S 64 _t\r(Personnel)_S 5401 7242 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 7242 _m\r
64 _t\r(23)_S 1643 6971 _m\r
(4.3.3)_S 64 _t\r(Notifying)_S 64 _t\r(Affected)_S 64 _t\r(Users)_S 4165 6971 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 6971 _m\r
64 _t\r(24)_S 1643 6700 _m\r
(4.3.4)_S 64 _t\r(Requests)_S 64 _t\r(for)_S 64 _t\r(Confidentiality)_S 4390 6700 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 6700 _m\r
64 _t\r(24)_S 1471 6429 _m\r
(4.4)_S 1908 6429 _m\r
(Legal)_S 64 _t\r(Issues)_S 3042 6429 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 6429 _m\r
64 _t\r(25)_S 1643 6158 _m\r
(4.4.1)_S 64 _t\r(Working)_S 64 _t\r(With)_S 64 _t\r(Law-Enforcement)_S 64 _t\r(and)_S 64 _t\r(Investigative)_S 64 _t\r(Agencies)_S 6974 6158 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 6158 _m\r
64 _t\r(25)_S 1643 5887 _m\r
(4.4.2)_S 64 _t\r(Incurred)_S 64 _t\r(Liabilities)_S 3716 5887 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 5887 _m\r
64 _t\r(25)_S 1643 5616 _m\r
(4.4.3)_S 64 _t\r(Wording)_S 64 _t\r(of)_S 64 _t\r(Constituency)_S 64 _t\r(Communications)_S 5626 5616 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 5616 _m\r
64 _t\r(26)_S 1643 5345 _m\r
(4.4.4)_S 64 _t\r(Logging)_S 64 _t\r(and)_S 64 _t\r(Gathering)_S 64 _t\r(Evidence)_S 4839 5345 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 5345 _m\r
64 _t\r(27)_S 1471 5074 _m\r
(4.5)_S 1908 5074 _m\r
(Working)_S 64 _t\r(With)_S 64 _t\r(the)_S 64 _t\r(News)_S 64 _t\r(Media)_S 4502 5074 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 5074 _m\r
64 _t\r(27)_S 1471 4803 _m\r
(4.6)_S 1908 4803 _m\r
(Post-Incident)_S 64 _t\r(Analysis)_S 3828 4803 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 4803 _m\r
64 _t\r(28)_S 1471 4532 _m\r
(4.7)_S 1908 4532 _m\r
(Measuring)_S 64 _t\r(the)_S 64 _t\r(Effectiveness)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 5289 4532 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 4532 _m\r
64 _t\r(28)_S 1471 4261 _m\r
(4.8)_S 1908 4261 _m\r
(Additional)_S 64 _t\r(Assistance)_S 3716 4261 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 4261 _m\r
64 _t\r(29)_S 1020 3719 _m\r
(5.)_S 1471 3719 _m\r
(References)_S 2480 3719 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 3719 _m\r
64 _t\r(31)_S 1020 3177 _m\r
(Appendix)_S 64 _t\r(A.)_S 64 _t\r(Annotated)_S 64 _t\r(Bibliography)_S 4053 3177 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 3177 _m\r
64 _t\r(33)_S 1020 2635 _m\r
(Appendix)_S 64 _t\r(B.)_S 64 _t\r(Forum)_S 64 _t\r(of)_S 64 _t\r(Incident)_S 64 _t\r(Response)_S 64 _t\r(&)_S 64 _t\r(Security)_S 64 _t\r(Teams)_S 64 _t\r(\(FIRST\))_S 64 _t\r6749 2635 _m\r
(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 64 _t\r(.)_S 8563 2635 _m\r
64 _t\r(39)_S 4845 893 _m\r
(vi)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
/HelveticaR 900 _ff\r
7489 12220 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /HelveticaR 900 _ff\r
1380 11483 _m\r
/Helvetica-BoldR 900 _ff\r
(1.)_S 1831 11483 _m\r
(Introduction)_S /Times-RomanR 580 _ff\r
1831 10902 _m\r
(This)_S 64 _t\r(guide)_S 64 _t\r(provides)_S 64 _t\r(advice)_S 64 _t\r(for)_S 64 _t\r(federal)_S 64 _t\r(agencies)_S 64 _t\r(and)_S 64 _t\r(other)_S 64 _t\r(organizations)_S 64 _t\r(on)_S 64 _t\r(establishing)_S 64 _t\r(a)_S 1380 10631 _m\r
(Computer)_S 64 _t\r(Security)_S 64 _t\r(Incident)_S 64 _t\r(Response)_S 64 _t\r(Capability)_S 64 _t\r(\(CSIRC\).)_S 128 _t\r(A)_S 64 _t\r(CSIRC)_S 64 _t\r(provides)_S 64 _t\r(computer)_S 64 _t\r(security)_S 1380 10360 _m\r
(efforts)_S 64 _t\r(with)_S 64 _t\r(the)_S 64 _t\r(capability)_S 64 _t\r(to)_S 64 _t\r(respond)_S 64 _t\r(to)_S 64 _t\r(computer)_S 64 _t\r(security-related)_S 64 _t\r(incidents)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(computer)_S 1380 10089 _m\r
(viruses,)_S 64 _t\r(unauthorized)_S 64 _t\r(user)_S 64 _t\r(activity,)_S 64 _t\r(and)_S 64 _t\r(serious)_S 64 _t\r(software)_S 64 _t\r(vulnerabilities,)_S 64 _t\r(in)_S 64 _t\r(an)_S 64 _t\r(efficient)_S 64 _t\r(and)_S 64 _t\r(timely)_S 1380 9818 _m\r
(manner.)_S 128 _t\r(A)_S 64 _t\r(CSIRC)_S 64 _t\r(further)_S 64 _t\r(promotes)_S 64 _t\r(increased)_S 64 _t\r(security)_S 64 _t\r(awareness)_S 64 _t\r(of)_S 64 _t\r(computer)_S 64 _t\r(security-related)_S 1380 9547 _m\r
(risks)_S 64 _t\r(so)_S 64 _t\r(that)_S 64 _t\r(agencies)_S 64 _t\r(are)_S 64 _t\r(better)_S 64 _t\r(prepared)_S 64 _t\r(and)_S 64 _t\r(protected.)_S /Helvetica-BoldR 700 _ff\r
1380 8917 _m\r
(1.1)_S 1831 8917 _m\r
(Purpose)_S 1831 8503 _m\r
/Times-RomanR 580 _ff\r
(This)_S 64 _t\r(publication)_S 64 _t\r(provides)_S 64 _t\r(guidance)_S 64 _t\r(for)_S 64 _t\r(those)_S 64 _t\r(interested)_S 64 _t\r(in)_S 64 _t\r(establishing)_S 64 _t\r(a)_S 64 _t\r(CSIRC.)_S 128 _t\r(It)_S 64 _t\r(de-)_S 1380 8232 _m\r
(scribes)_S 64 _t\r(why)_S 64 _t\r(traditional)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(efforts)_S 64 _t\r(may)_S 64 _t\r(not)_S 64 _t\r(be)_S 64 _t\r(sufficient)_S 64 _t\r(in)_S 64 _t\r(light)_S 64 _t\r(of)_S 64 _t\r(more)_S 64 _t\r(recent)_S 1380 7961 _m\r
(threats.)_S 128 _t\r(This)_S 64 _t\r(guide)_S 64 _t\r(discusses)_S 64 _t\r(some)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(considerations)_S 64 _t\r(in)_S 64 _t\r(establishing)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(as)_S 64 _t\r(well)_S 64 _t\r(as)_S 64 _t\r(the)_S 1380 7690 _m\r
(organizational,)_S 64 _t\r(technical,)_S 64 _t\r(and)_S 64 _t\r(legal)_S 64 _t\r(issues)_S 64 _t\r(connected)_S 64 _t\r(with)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(operation.)_S 1831 7148 _m\r
(This)_S 64 _t\r(guide)_S 64 _t\r(is)_S 64 _t\r(a)_S 64 _t\r(starting)_S 64 _t\r(point;)_S 64 _t\r(it)_S 64 _t\r(does)_S 64 _t\r(not)_S 64 _t\r(address)_S 64 _t\r(all)_S 64 _t\r(the)_S 64 _t\r(issues)_S 64 _t\r(relevant)_S 64 _t\r(to)_S 64 _t\r(Computer)_S 64 _t\r(Securi-)_S 1380 6877 _m\r
(ty)_S 64 _t\r(Incident)_S 64 _t\r(Response)_S 64 _t\r(\(CSIR\))_S 64 _t\r(for)_S 64 _t\r(each)_S 64 _t\r(agency)_S 64 _t\r(or)_S 64 _t\r(environment.)_S 128 _t\r(To)_S 64 _t\r(establish)_S 64 _t\r(a)_S 64 _t\r(CSIRC,)_S 64 _t\r(each)_S 64 _t\r(agen-)_S 1380 6606 _m\r
(cy)_S 64 _t\r(must)_S 64 _t\r(explore)_S 64 _t\r(many)_S 64 _t\r(options)_S 64 _t\r(and)_S 64 _t\r(make)_S 64 _t\r(many)_S 64 _t\r(decisions.)_S 128 _t\r(References)_S 64 _t\r(are)_S 64 _t\r(included)_S 64 _t\r(in)_S 64 _t\r(this)_S 64 _t\r(docu-)_S 1380 6335 _m\r
(ment)_S 64 _t\r(to)_S 64 _t\r(help)_S 64 _t\r(agencies)_S 64 _t\r(in)_S 64 _t\r(this)_S 64 _t\r(process.)_S /Helvetica-BoldR 700 _ff\r
1380 5705 _m\r
(1.2)_S 1831 5705 _m\r
(Audience)_S 1831 5291 _m\r
/Times-RomanR 580 _ff\r
(This)_S 64 _t\r(guide)_S 64 _t\r(is)_S 64 _t\r(written)_S 64 _t\r(primarily)_S 64 _t\r(for)_S 64 _t\r(federal)_S 64 _t\r(agencies;)_S 64 _t\r(however,)_S 64 _t\r(it)_S 64 _t\r(is)_S 64 _t\r(also)_S 64 _t\r(intended)_S 64 _t\r(for)_S 64 _t\r(other)_S 1380 5020 _m\r
(governmental,)_S 64 _t\r(commercial,)_S 64 _t\r(and)_S 64 _t\r(academic)_S 64 _t\r(organizations.)_S 128 _t\r(Although)_S 64 _t\r(this)_S 64 _t\r(guide)_S 64 _t\r(focuses)_S 64 _t\r(primarily)_S 1380 4749 _m\r
(on)_S 64 _t\r(establishing)_S 64 _t\r(a)_S 64 _t\r(CSIRC,)_S 64 _t\r(it)_S 64 _t\r(contains)_S 64 _t\r(basic)_S 64 _t\r(information)_S 64 _t\r(that)_S 64 _t\r(is)_S 64 _t\r(useful)_S 64 _t\r(for)_S 64 _t\r(readers)_S 64 _t\r(unfamiliar)_S 64 _t\r(with)_S 1380 4478 _m\r
(the)_S 64 _t\r(CSIRC)_S 64 _t\r(concept.)_S /Helvetica-BoldR 700 _ff\r
1380 3848 _m\r
(1.3)_S 1831 3848 _m\r
(Basic)_S 78 _t\r(Terms)_S 1831 3432 _m\r
/Times-RomanR 580 _ff\r
(A)_S 64 _t\r/Times-ItalicR 580 _ff\r
(computer)_S 64 _t\r(security)_S 64 _t\r(incident)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(for)_S 64 _t\r(purposes)_S 64 _t\r(of)_S 64 _t\r(this)_S 64 _t\r(guide,)_S 64 _t\r(is)_S 64 _t\r(any)_S 64 _t\r(adverse)_S 64 _t\r(event)_S 64 _t\r(whereby)_S 1380 3160 _m\r
(some)_S 64 _t\r(aspect)_S 64 _t\r(of)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(could)_S 64 _t\r(be)_S 64 _t\r(threatened:)_S 128 _t\r(loss)_S 64 _t\r(of)_S 64 _t\r(data)_S 64 _t\r(confidentiality,)_S 64 _t\r(disruption)_S 64 _t\r(of)_S 1380 2889 _m\r
(data)_S 64 _t\r(or)_S 64 _t\r(system)_S 64 _t\r(integrity,)_S 64 _t\r(or)_S 64 _t\r(disruption)_S 64 _t\r(or)_S 64 _t\r(denial)_S 64 _t\r(of)_S 64 _t\r(availability.)_S 128 _t\r(The)_S 64 _t\r(definition)_S 64 _t\r(of)_S 64 _t\r(an)_S 64 _t\r(incident)_S 64 _t\r(may)_S 1380 2618 _m\r
(vary)_S 64 _t\r(for)_S 64 _t\r(each)_S 64 _t\r(agency)_S 64 _t\r(depending)_S 64 _t\r(on)_S 64 _t\r(many)_S 64 _t\r(factors;)_S 64 _t\r(however,)_S 64 _t\r(the)_S 64 _t\r(following)_S 64 _t\r(categories)_S 64 _t\r(and)_S 64 _t\r(exam-)_S 1380 2347 _m\r
(ples)_S 64 _t\r(are)_S 64 _t\r(generally)_S 64 _t\r(applicable)_S 64 _t\r/Times-RomanR 450 _ff\r
([SCHULTZ90])_S /Times-RomanR 580 _ff\r
(:)_S 5232 893 _m\r
(1)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
1020 12223 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
1471 11262 _m\r
(\267)_S /Times-BoldR 580 _ff\r
1643 11262 _m\r
(Compromise)_S 64 _t\r(of)_S 64 _t\r(integrity)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(when)_S 64 _t\r(a)_S 64 _t\r(virus)_S 64 _t\r(infects)_S 64 _t\r(a)_S 64 _t\r(program)_S 64 _t\r(or)_S 64 _t\r(the)_S 64 _t\r(discovery)_S 64 _t\r(of)_S 64 _t\r(a)_S 1643 11059 _m\r
(serious)_S 64 _t\r(system)_S 64 _t\r(vulnerability;)_S 1471 10743 _m\r
(\267)_S 1643 10743 _m\r
/Times-BoldR 580 _ff\r
(Denial)_S 64 _t\r(of)_S 64 _t\r(service)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(when)_S 64 _t\r(an)_S 64 _t\r(attacker)_S 64 _t\r(has)_S 64 _t\r(disabled)_S 64 _t\r(a)_S 64 _t\r(system)_S 64 _t\r(or)_S 64 _t\r(a)_S 64 _t\r(network)_S 64 _t\r(worm)_S 1643 10540 _m\r
(has)_S 64 _t\r(saturated)_S 64 _t\r(network)_S 64 _t\r(bandwidth;)_S 1471 10224 _m\r
(\267)_S 1643 10224 _m\r
/Times-BoldR 580 _ff\r
(Misuse)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(when)_S 64 _t\r(an)_S 64 _t\r(intruder)_S 64 _t\r(\(or)_S 64 _t\r(insider\))_S 64 _t\r(makes)_S 64 _t\r(unauthorized)_S 64 _t\r(use)_S 64 _t\r(of)_S 64 _t\r(an)_S 64 _t\r(account;)_S 1471 9908 _m\r
(\267)_S 1643 9908 _m\r
/Times-BoldR 580 _ff\r
(Damage)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(when)_S 64 _t\r(a)_S 64 _t\r(virus)_S 64 _t\r(destroys)_S 64 _t\r(data;)_S 64 _t\r(and)_S 1471 9592 _m\r
(\267)_S 1643 9592 _m\r
/Times-BoldR 580 _ff\r
(Intrusions)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(when)_S 64 _t\r(an)_S 64 _t\r(intruder)_S 64 _t\r(penetrates)_S 64 _t\r(system)_S 64 _t\r(security.)_S 1471 9048 _m\r
(The)_S 64 _t\r(acronym)_S 64 _t\r/Times-ItalicR 580 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
64 _t\r(stands)_S 64 _t\r(for)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Computer)_S 64 _t\r(Security)_S 64 _t\r(Incident)_S 64 _t\r(Response)_S 64 _t\r(Capability)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(whereas)_S 1020 8774 _m\r
/Times-ItalicR 580 _ff\r
(CSIR)_S /Times-RomanR 580 _ff\r
64 _t\r(is)_S 64 _t\r(used)_S 64 _t\r(to)_S 64 _t\r(stand)_S 64 _t\r(for)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Computer)_S 64 _t\r(Security)_S 64 _t\r(Incident)_S 64 _t\r(Response)_S /Times-RomanR 580 _ff\r
(.)_S 128 _t\r(Other)_S 64 _t\r(acronyms)_S 64 _t\r(exist)_S 64 _t\r(for)_S 64 _t\r(CSIR)_S 1020 8500 _m\r
(capability,)_S 64 _t\r(including)_S 64 _t\r/Times-ItalicR 580 _ff\r
(CSRC)_S /Times-RomanR 580 _ff\r
64 _t\r(\(Computer)_S 64 _t\r(Security)_S 64 _t\r(Response)_S 64 _t\r(Center\))_S 64 _t\r(and)_S 64 _t\r/Times-ItalicR 580 _ff\r
(CERT)_S /Times-RomanR 580 _ff\r
64 _t\r(\(Computer)_S 64 _t\r(Emer-)_S 1020 8228 _m\r
(gency)_S 64 _t\r(Response)_S 64 _t\r(Team\).)_S 1471 7684 _m\r
(This)_S 64 _t\r(guide)_S 64 _t\r(uses)_S 64 _t\r(the)_S 64 _t\r(term)_S 64 _t\r/Times-ItalicR 580 _ff\r
(traditional)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(effort)_S /Times-RomanR 580 _ff\r
64 _t\r(to)_S 64 _t\r(describe)_S 64 _t\r(computer)_S 64 _t\r(security)_S 1020 7412 _m\r
(efforts)_S 64 _t\r(that)_S 64 _t\r(are)_S 64 _t\r(rooted)_S 64 _t\r(in)_S 64 _t\r(sound)_S 64 _t\r(principles)_S 64 _t\r(of)_S 64 _t\r(physical)_S 64 _t\r(security)_S 64 _t\r(and)_S 64 _t\r(contingency)_S 64 _t\r(planning)_S 64 _t\r(but)_S 64 _t\r(that)_S 1020 7141 _m\r
(do)_S 64 _t\r(not)_S 64 _t\r(provide)_S 64 _t\r(a)_S 64 _t\r(CSIR)_S 64 _t\r(capability.)_S 1471 6597 _m\r
(The)_S 64 _t\r(terms)_S 64 _t\r/Times-ItalicR 580 _ff\r
(incident)_S 64 _t\r(response)_S /Times-RomanR 580 _ff\r
64 _t\r(and)_S 64 _t\r/Times-ItalicR 580 _ff\r
(incident)_S 64 _t\r(handling)_S /Times-RomanR 580 _ff\r
64 _t\r(are)_S 64 _t\r(used)_S 64 _t\r(synonymously)_S 64 _t\r(to)_S 64 _t\r(describe)_S 64 _t\r(the)_S 1020 6325 _m\r
(reactive)_S 64 _t\r(activities)_S 64 _t\r(associated)_S 64 _t\r(with)_S 64 _t\r(a)_S 64 _t\r(CSIRC.)_S /Helvetica-BoldR 700 _ff\r
1020 5695 _m\r
(1.4)_S 1471 5695 _m\r
(Structure)_S 78 _t\r(of)_S 78 _t\r(this)_S 78 _t\r(Document)_S 1471 5281 _m\r
/Times-RomanR 580 _ff\r
(This)_S 64 _t\r(document)_S 64 _t\r(is)_S 64 _t\r(structured)_S 64 _t\r(as)_S 64 _t\r(follows:)_S 128 _t\r(Chapter)_S 64 _t\r(2)_S 64 _t\r(presents)_S 64 _t\r(an)_S 64 _t\r(overview)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(CSIRC,)_S 64 _t\r(in-)_S 1020 5010 _m\r
(cluding)_S 64 _t\r(reasons)_S 64 _t\r(for)_S 64 _t\r(CSIR)_S 64 _t\r(activity,)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(concept,)_S 64 _t\r(its)_S 64 _t\r(goals,)_S 64 _t\r(components,)_S 64 _t\r(and)_S 64 _t\r(interaction)_S 1020 4739 _m\r
(with)_S 64 _t\r(existing)_S 64 _t\r(agency)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(efforts.)_S 128 _t\r(Chapter)_S 64 _t\r(3)_S 64 _t\r(deals)_S 64 _t\r(with)_S 64 _t\r(issues)_S 64 _t\r(and)_S 64 _t\r(factors)_S 64 _t\r(associat-)_S 1020 4468 _m\r
(ed)_S 64 _t\r(with)_S 64 _t\r(establishing)_S 64 _t\r(an)_S 64 _t\r(agency)_S 64 _t\r(CSIRC.)_S 128 _t\r(Chapter)_S 64 _t\r(4)_S 64 _t\r(describes)_S 64 _t\r(some)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(issues)_S 64 _t\r(associated)_S 64 _t\r(with)_S 1020 4197 _m\r
(operating)_S 64 _t\r(and)_S 64 _t\r(maintaining)_S 64 _t\r(a)_S 64 _t\r(CSIRC.)_S 128 _t\r(The)_S 64 _t\r(appendices)_S 64 _t\r(contain)_S 64 _t\r(an)_S 64 _t\r(annotated)_S 64 _t\r(bibliography)_S 64 _t\r(for)_S 64 _t\r(fur-)_S 1020 3926 _m\r
(ther)_S 64 _t\r(reading)_S 64 _t\r(on)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(and)_S 64 _t\r(incident)_S 64 _t\r(handling)_S 64 _t\r(and)_S 64 _t\r(information)_S 64 _t\r(on)_S 64 _t\r(FIRST,)_S 64 _t\r(the)_S 64 _t\r(Forum)_S 64 _t\r(of)_S 1020 3655 _m\r
(Incident)_S 64 _t\r(Response)_S 64 _t\r(and)_S 64 _t\r(Security)_S 64 _t\r(Teams.)_S 4872 893 _m\r
(2)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
/HelveticaR 900 _ff\r
7489 12220 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /HelveticaR 900 _ff\r
1380 11483 _m\r
/Helvetica-BoldR 900 _ff\r
(2.)_S 1831 11483 _m\r
(CSIRC)_S 100 _t\r(Overview)_S /Times-RomanR 580 _ff\r
1831 10902 _m\r
(This)_S 64 _t\r(section)_S 64 _t\r(describes)_S 64 _t\r(the)_S 64 _t\r(basic)_S 64 _t\r(aspects)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(Computer)_S 64 _t\r(Security)_S 64 _t\r(Incident)_S 64 _t\r(Response)_S 64 _t\r(Capabili-)_S 1380 10631 _m\r
(ty:)_S 64 _t\r(its)_S 64 _t\r(concept,)_S 64 _t\r(benefits,)_S 64 _t\r(components,)_S 64 _t\r(and)_S 64 _t\r(relationship)_S 64 _t\r(to)_S 64 _t\r(current)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(efforts)_S 64 _t\r(within)_S 1380 10360 _m\r
(an)_S 64 _t\r(agency.)_S 128 _t\r(Background)_S 64 _t\r(sections)_S 64 _t\r(are)_S 64 _t\r(included)_S 64 _t\r(that)_S 64 _t\r(deal)_S 64 _t\r(with)_S 64 _t\r(traditional)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(efforts,)_S 1380 10089 _m\r
(current)_S 64 _t\r(threats)_S 64 _t\r(to)_S 64 _t\r(computer)_S 64 _t\r(security,)_S 64 _t\r(and)_S 64 _t\r(justifications)_S 64 _t\r(for)_S 64 _t\r(increased)_S 64 _t\r(CSIRC)_S 64 _t\r(activity.)_S /Helvetica-BoldR 700 _ff\r
1380 9459 _m\r
(2.1)_S 1831 9459 _m\r
(Traditional)_S 78 _t\r(Agency)_S 78 _t\r(Computer)_S 78 _t\r(Security)_S 78 _t\r(Efforts)_S 1831 9043 _m\r
/Times-RomanR 580 _ff\r
(A)_S 64 _t\r(traditional)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(effort)_S 64 _t\r(typically)_S 64 _t\r(is)_S 64 _t\r/Times-ItalicR 580 _ff\r
(not)_S 64 _t\r(prepared)_S /Times-RomanR 580 _ff\r
64 _t\r(to)_S 64 _t\r(detect)_S 64 _t\r(and)_S 64 _t\r(subsequently)_S 1380 8769 _m\r
(react)_S 64 _t\r(in)_S 64 _t\r(a)_S 64 _t\r/Times-ItalicR 580 _ff\r
(timely)_S /Times-RomanR 580 _ff\r
64 _t\r(and)_S 64 _t\r/Times-ItalicR 580 _ff\r
(efficient)_S /Times-RomanR 580 _ff\r
64 _t\r(manner)_S 64 _t\r(to)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(threats,)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(systems)_S 64 _t\r(intrusions)_S 64 _t\r(or)_S 1380 8497 _m\r
(serious)_S 64 _t\r(bugs)_S 64 _t\r(and)_S 64 _t\r(vulnerabilities)_S 64 _t\r(in)_S 64 _t\r(systems.)_S 1831 7955 _m\r
(Traditional)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(efforts)_S 64 _t\r(are)_S 64 _t\r(designed)_S 64 _t\r(to)_S 64 _t\r(meet)_S 64 _t\r(a)_S 64 _t\r(threat)_S 64 _t\r(scenario)_S 64 _t\r(that)_S 64 _t\r(today)_S 64 _t\r(is)_S 1380 7684 _m\r
(considered)_S 64 _t\r(incomplete)_S 64 _t\r(or)_S 64 _t\r(outdated.)_S 128 _t\r(Until)_S 64 _t\r(the)_S 64 _t\r(early)_S 64 _t\r(1980s,)_S 64 _t\r(problems)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(computer)_S 64 _t\r(viruses)_S 1380 7413 _m\r
(and)_S 64 _t\r(malicious)_S 64 _t\r(hacking)_S 64 _t\r(activity)_S 64 _t\r(were)_S 64 _t\r(not)_S 64 _t\r(recognized)_S 64 _t\r(as)_S 64 _t\r(problems.)_S 128 _t\r(Available)_S 64 _t\r(guidance)_S 64 _t\r(concentrat-)_S 1380 7142 _m\r
(ed)_S 64 _t\r(on)_S 64 _t\r(subjects)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(disaster)_S 64 _t\r(recovery,)_S 64 _t\r(physical)_S 64 _t\r(security,)_S 64 _t\r(backup)_S 64 _t\r(contingency)_S 64 _t\r(procedures,)_S 64 _t\r(and)_S 1380 6871 _m\r
(data)_S 64 _t\r(confidentiality.)_S 128 _t\r(Agencies)_S 64 _t\r(sometimes)_S 64 _t\r(combined)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(responsibilities)_S 64 _t\r(with)_S 64 _t\r(gen-)_S 1380 6600 _m\r
(eral)_S 64 _t\r(security)_S 64 _t\r(responsibilities,)_S 64 _t\r(therefore)_S 64 _t\r(those)_S 64 _t\r(responsible)_S 64 _t\r(for)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(often)_S 64 _t\r(were)_S 64 _t\r(not)_S 1380 6329 _m\r
(highly)_S 64 _t\r(skilled)_S 64 _t\r(in)_S 64 _t\r(computer)_S 64 _t\r(technology.)_S 128 _t\r(For)_S 64 _t\r(many)_S 64 _t\r(years,)_S 64 _t\r(this)_S 64 _t\r(arrangement)_S 64 _t\r(of)_S 64 _t\r(resources)_S 64 _t\r(sufficed.)_S /Helvetica-BoldR 700 _ff\r
1380 5699 _m\r
(2.2)_S 1831 5699 _m\r
(The)_S 78 _t\r(Changing)_S 78 _t\r(Threat)_S 78 _t\r(Environment)_S 1831 5285 _m\r
/Times-RomanR 580 _ff\r
(Computer)_S 64 _t\r(systems)_S 64 _t\r(have)_S 64 _t\r(progressed)_S 64 _t\r(rapidly)_S 64 _t\r(in)_S 64 _t\r(capability)_S 64 _t\r(and)_S 64 _t\r(availability.)_S 128 _t\r(Networks)_S 64 _t\r(such)_S 64 _t\r(as)_S 1380 5012 _m\r
(the)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Internet)_S /Times-RomanR 350 _ff\r
2292 5091 _m\r
(1)_S 2351 5091 _m\r
/Times-RomanR 580 _ff\r
2351 5012 _m\r
64 _t\r(link)_S 64 _t\r(together)_S 64 _t\r(tens)_S 64 _t\r(of)_S 64 _t\r(thousands)_S 64 _t\r(of)_S 64 _t\r(systems)_S 64 _t\r(and)_S 64 _t\r(cross)_S 64 _t\r(international)_S 64 _t\r(boundaries.)_S 128 _t\r(Sys-)_S 1380 4740 _m\r
(tem)_S 64 _t\r(costs)_S 64 _t\r(have)_S 64 _t\r(decreased)_S 64 _t\r(so)_S 64 _t\r(that)_S 64 _t\r(multi-user)_S 64 _t\r(systems,)_S 64 _t\r(personal)_S 64 _t\r(computers,)_S 64 _t\r(and)_S 64 _t\r(local)_S 64 _t\r(area)_S 64 _t\r(networks)_S 1380 4469 _m\r
(are)_S 64 _t\r(often)_S 64 _t\r(widespread)_S 64 _t\r(throughout)_S 64 _t\r(agencies.)_S 2003 3927 _m\r
(Along)_S 64 _t\r(with)_S 64 _t\r(the)_S 64 _t\r(growth)_S 64 _t\r(and)_S 64 _t\r(spread)_S 64 _t\r(of)_S 64 _t\r(computer)_S 64 _t\r(technology,)_S 64 _t\r(a)_S 64 _t\r(similar)_S 64 _t\r(growth)_S 64 _t\r(has)_S 64 _t\r(occurred)_S 1380 3656 _m\r
(in)_S 64 _t\r(the)_S 64 _t\r(ways)_S 64 _t\r(in)_S 64 _t\r(which)_S 64 _t\r(high)_S 64 _t\r(technology)_S 64 _t\r(can)_S 64 _t\r(be)_S 64 _t\r(exploited)_S 64 _t\r(for)_S 64 _t\r(harmful)_S 64 _t\r(purposes.)_S 128 _t\r(Four)_S 64 _t\r(factors)_S 64 _t\r(have)_S 1380 3385 _m\r
(increased)_S 64 _t\r(risks)_S 64 _t\r(of)_S 64 _t\r(malicious)_S 64 _t\r(exploitation:)_S 1831 3069 _m\r
(\267)_S 2003 3069 _m\r
(An)_S 64 _t\r(emphasis)_S 64 _t\r(on)_S 64 _t\r(data)_S 64 _t\r(confidentiality)_S 64 _t\r(\(and)_S 64 _t\r(not)_S 64 _t\r(integrity)_S 64 _t\r(or)_S 64 _t\r(availability\);)_S 1831 2753 _m\r
(\267)_S 2003 2753 _m\r
(Increased)_S 64 _t\r(use)_S 64 _t\r(of)_S 64 _t\r(local)_S 64 _t\r(and)_S 64 _t\r(wide)_S 64 _t\r(area)_S 64 _t\r(networks;)_S 1380 2199 _m\r
_U 3780 2199 _m\r
_u 1380 1883 _m\r
/Times-RomanR 475 _ff\r
53 _t\r53 _t\r53 _t\r53 _t\r53 _t\r/Times-RomanR 285 _ff\r
1645 1948 _m\r
(1)_S 1693 1948 _m\r
/Times-RomanR 475 _ff\r
1693 1883 _m\r
(The)_S 76 _t\r/Times-ItalicR 475 _ff\r
(Internet)_S /Times-RomanR 475 _ff\r
76 _t\r(is)_S 77 _t\r(an)_S 76 _t\r(interconnected)_S 76 _t\r(network)_S 76 _t\r(of)_S 76 _t\r(many)_S 76 _t\r(networks)_S 76 _t\r(all)_S 77 _t\r(running)_S 76 _t\r(the)_S 76 _t\r(TCP/IP)_S 76 _t\r(protocol)_S 76 _t\r(suite,)_S 76 _t\r(connected)_S 1380 1692 _m\r
(through)_S 62 _t\r(gateways.)_S 124 _t\r(It)_S 62 _t\r(exists)_S 62 _t\r(to)_S 62 _t\r(facilitate)_S 62 _t\r(sharing)_S 63 _t\r(of)_S 62 _t\r(resources)_S 62 _t\r(at)_S 62 _t\r(participating)_S 62 _t\r(organizations,)_S 62 _t\r(which)_S 62 _t\r(include)_S 62 _t\r(government)_S 1380 1500 _m\r
(agencies,)_S 48 _t\r(educational)_S 49 _t\r(institutions,)_S 48 _t\r(and)_S 49 _t\r(private)_S 48 _t\r(corporations.)_S 97 _t\r(The)_S 49 _t\r/Times-ItalicR 475 _ff\r
(Internet)_S /Times-RomanR 475 _ff\r
49 _t\r(is)_S 48 _t\r(very)_S 49 _t\r(large,)_S 48 _t\r(covering)_S 49 _t\r(the)_S 48 _t\r(United)_S 49 _t\r(States,)_S 49 _t\r(Cana-)_S 1380 1309 _m\r
(da,)_S 53 _t\r(Europe,)_S 53 _t\r(and)_S 53 _t\r(Asia.)_S 106 _t\r(Estimates)_S 53 _t\r(of)_S 53 _t\r(numbers)_S 53 _t\r(of)_S 53 _t\r(hosts)_S 53 _t\r(exceeds)_S 53 _t\r(500,000;)_S 53 _t\r(it)_S 53 _t\r(continues)_S 53 _t\r(to)_S 53 _t\r(grow)_S 53 _t\r(at)_S 53 _t\r(a)_S 53 _t\r(fast)_S 53 _t\r(rate.)_S /Times-RomanR 580 _ff\r
5232 893 _m\r
(3)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
1020 12223 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
1471 11578 _m\r
(\267)_S 1643 11578 _m\r
(Extensive)_S 64 _t\r(use)_S 64 _t\r(of)_S 64 _t\r(personal)_S 64 _t\r(computers)_S 64 _t\r(combined)_S 64 _t\r(with)_S 64 _t\r(lack)_S 64 _t\r(of)_S 64 _t\r(user)_S 64 _t\r(training;)_S 64 _t\r(and)_S 1471 11262 _m\r
(\267)_S 1643 11262 _m\r
(Increased)_S 64 _t\r(chances)_S 64 _t\r(of)_S 64 _t\r(vulnerabilities)_S 64 _t\r(due)_S 64 _t\r(to)_S 64 _t\r(system)_S 64 _t\r(complexity.)_S 1471 10720 _m\r
(Due)_S 64 _t\r(to)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(requirements)_S 64 _t\r(being)_S 64 _t\r(driven)_S 64 _t\r(in)_S 64 _t\r(the)_S 64 _t\r(past)_S 64 _t\r(by)_S 64 _t\r(concerns)_S 64 _t\r(primarily)_S 64 _t\r(with)_S 1020 10449 _m\r
(secrecy,)_S 64 _t\r(most)_S 64 _t\r(advances)_S 64 _t\r(in)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(have)_S 64 _t\r(been)_S 64 _t\r(oriented)_S 64 _t\r(towards)_S 64 _t\r(protection)_S 64 _t\r(of)_S 64 _t\r(data)_S 64 _t\r(confi-)_S 1020 10178 _m\r
(dentiality)_S 64 _t\r/Times-RomanR 450 _ff\r
([RISK91])_S /Times-RomanR 580 _ff\r
64 _t\r(and)_S 64 _t\r(not)_S 64 _t\r(integrity)_S 64 _t\r(or)_S 64 _t\r(availability.)_S 128 _t\r(However,)_S 64 _t\r(threats)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(computer)_S 64 _t\r(viruses)_S 1020 9907 _m\r
(and)_S 64 _t\r(worms)_S 64 _t\r(are)_S 64 _t\r(generally)_S 64 _t\r(defeated)_S 64 _t\r(by)_S 64 _t\r(mechanisms)_S 64 _t\r(for)_S 64 _t\r(ensuring)_S 64 _t\r(integrity)_S 64 _t\r(and)_S 64 _t\r(availability.)_S 128 _t\r(While)_S 1020 9636 _m\r
(many)_S 64 _t\r(vendors')_S 64 _t\r(products)_S 64 _t\r(contain)_S 64 _t\r(some)_S 64 _t\r(integrity-enhancing)_S 64 _t\r(mechanisms,)_S 64 _t\r(systems)_S 64 _t\r(are)_S 64 _t\r(more)_S 64 _t\r(at)_S 64 _t\r(risk)_S 1020 9365 _m\r
(to)_S 64 _t\r(threats)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(viruses)_S 64 _t\r(and)_S 64 _t\r(worms)_S 64 _t\r(that)_S 64 _t\r(target)_S 64 _t\r(integrity)_S 64 _t\r(and)_S 64 _t\r(availability.)_S 1471 8823 _m\r
(The)_S 64 _t\r(growth)_S 64 _t\r(of)_S 64 _t\r(networks)_S 64 _t\r(now)_S 64 _t\r(provides)_S 64 _t\r(more)_S 64 _t\r(freedom)_S 64 _t\r(of)_S 64 _t\r(range)_S 64 _t\r(for)_S 64 _t\r(malicious)_S 64 _t\r(activity)_S 1020 8552 _m\r
/Times-RomanR 450 _ff\r
([QUARTERM90])_S /Times-RomanR 580 _ff\r
(.)_S 128 _t\r(A)_S 64 _t\r(networked)_S 64 _t\r(system)_S 64 _t\r(whose)_S 64 _t\r(manager)_S 64 _t\r(and)_S 64 _t\r(users)_S 64 _t\r(practice)_S 64 _t\r(poor)_S 64 _t\r(security)_S 64 _t\r(poses)_S 64 _t\r(sig-)_S 1020 8281 _m\r
(nificant)_S 64 _t\r(threats)_S 64 _t\r(to)_S 64 _t\r(other)_S 64 _t\r(systems)_S 64 _t\r(on)_S 64 _t\r(the)_S 64 _t\r(network)_S 64 _t\r(by)_S 64 _t\r(enabling)_S 64 _t\r(the)_S 64 _t\r(spread)_S 64 _t\r(of)_S 64 _t\r(malicious)_S 64 _t\r(software)_S 64 _t\r(or)_S 1020 8010 _m\r
(by)_S 64 _t\r(use)_S 64 _t\r(as)_S 64 _t\r(a)_S 64 _t\r(springboard)_S 64 _t\r(for)_S 64 _t\r(malicious)_S 64 _t\r(user)_S 64 _t\r(activity.)_S 128 _t\r(Interconnected)_S 64 _t\r(computer)_S 64 _t\r(networks)_S 64 _t\r(also)_S 64 _t\r(pro-)_S 1020 7739 _m\r
(vide)_S 64 _t\r(attackers)_S 64 _t\r(a)_S 64 _t\r(high)_S 64 _t\r(degree)_S 64 _t\r(of)_S 64 _t\r(anonymity)_S 64 _t\r(since)_S 64 _t\r(connections)_S 64 _t\r(between)_S 64 _t\r(networks)_S 64 _t\r(and)_S 64 _t\r(countries)_S 64 _t\r(are)_S 1020 7468 _m\r
(often)_S 64 _t\r(difficult)_S 64 _t\r(to)_S 64 _t\r(trace.)_S 1471 6926 _m\r
(As)_S 64 _t\r(the)_S 64 _t\r(price)_S 64 _t\r(and)_S 64 _t\r(size)_S 64 _t\r(of)_S 64 _t\r(systems)_S 64 _t\r(has)_S 64 _t\r(decreased,)_S 64 _t\r(many)_S 64 _t\r(users)_S 64 _t\r(of)_S 64 _t\r(systems)_S 64 _t\r(have)_S 64 _t\r(become,)_S 64 _t\r(in)_S 1020 6655 _m\r
(effect,)_S 64 _t\r(system)_S 64 _t\r(managers)_S 64 _t\r(as)_S 64 _t\r(well.)_S 128 _t\r(This)_S 64 _t\r(is)_S 64 _t\r(particularly)_S 64 _t\r(true)_S 64 _t\r(of)_S 64 _t\r(personal)_S 64 _t\r(computers,)_S 64 _t\r(but)_S 64 _t\r(often)_S 64 _t\r(users)_S 1020 6384 _m\r
(of)_S 64 _t\r(more)_S 64 _t\r(complex)_S 64 _t\r(and)_S 64 _t\r(powerful)_S 64 _t\r(systems)_S 64 _t\r(must)_S 64 _t\r(combine)_S 64 _t\r(their)_S 64 _t\r(other)_S 64 _t\r(work)_S 64 _t\r(activities)_S 64 _t\r(with)_S 64 _t\r(system)_S 1020 6113 _m\r
(management.)_S 128 _t\r(This)_S 64 _t\r(arrangement)_S 64 _t\r(may)_S 64 _t\r(reduce)_S 64 _t\r(emphasis)_S 64 _t\r(on)_S 64 _t\r(proper)_S 64 _t\r(system)_S 64 _t\r(management)_S 64 _t\r(and)_S 64 _t\r(securi-)_S 1020 5842 _m\r
(ty)_S 64 _t\r(procedures)_S 64 _t\r(and)_S 64 _t\r(increase)_S 64 _t\r(the)_S 64 _t\r(likelihood)_S 64 _t\r(that)_S 64 _t\r(systems)_S 64 _t\r(are)_S 64 _t\r(not)_S 64 _t\r(maintained)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(more)_S 64 _t\r(resistent)_S 64 _t\r(to)_S 1020 5571 _m\r
(computer)_S 64 _t\r(security)_S 64 _t\r(threats.)_S 1471 5029 _m\r
(Finally,)_S 64 _t\r(the)_S 64 _t\r(complexity)_S 64 _t\r(of)_S 64 _t\r(modern)_S 64 _t\r(systems)_S 64 _t\r(has)_S 64 _t\r(increased)_S 64 _t\r(the)_S 64 _t\r(risk)_S 64 _t\r(that)_S 64 _t\r(software)_S 64 _t\r(defects)_S 64 _t\r1020 4758 _m\r
(remain)_S 64 _t\r(undetected)_S 64 _t\r(until)_S 64 _t\r(the)_S 64 _t\r(systems)_S 64 _t\r(are)_S 64 _t\r(already)_S 64 _t\r(in)_S 64 _t\r(operation.)_S 128 _t\r(Users)_S 64 _t\r(are)_S 64 _t\r(at)_S 64 _t\r(risk)_S 64 _t\r(from)_S 64 _t\r(undetected)_S 1020 4487 _m\r
(vulnerabilities)_S 64 _t\r(and)_S 64 _t\r(system)_S 64 _t\r(failures)_S 64 _t\r(that)_S 64 _t\r(affect)_S 64 _t\r(system)_S 64 _t\r(integrity)_S 64 _t\r(and)_S 64 _t\r(availability)_S 64 _t\r(and)_S 64 _t\r(increase)_S 64 _t\r(the)_S 1020 4216 _m\r
(odds)_S 64 _t\r(of)_S 64 _t\r(malicious)_S 64 _t\r(exploitation.)_S /Helvetica-BoldR 700 _ff\r
1020 3586 _m\r
(2.3)_S 1471 3586 _m\r
(The)_S 78 _t\r(Need)_S 78 _t\r(for)_S 78 _t\r(CSIR)_S 78 _t\r(Capability)_S 1471 3172 _m\r
/Times-RomanR 580 _ff\r
(The)_S 64 _t\r(elements)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(traditional)_S 64 _t\r(agency)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(effort)_S 64 _t\r(continue)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(important)_S 64 _t\r(and)_S 1020 2901 _m\r
(useful.)_S 128 _t\r(As)_S 64 _t\r(shown)_S 64 _t\r(in)_S 64 _t\r(the)_S 64 _t\r(previous)_S 64 _t\r(discussion,)_S 64 _t\r(two)_S 64 _t\r(trends)_S 64 _t\r(necessitate)_S 64 _t\r(the)_S 64 _t\r(establishment)_S 64 _t\r(of)_S 64 _t\r(CSIR)_S 1020 2630 _m\r
(capability:)_S 128 _t\r(first,)_S 64 _t\r(computers)_S 64 _t\r(are)_S 64 _t\r(widespread)_S 64 _t\r(throughout)_S 64 _t\r(agencies;)_S 64 _t\r(agencies)_S 64 _t\r(rely)_S 64 _t\r(heavily)_S 64 _t\r(on)_S 64 _t\r(com-)_S 1020 2359 _m\r
(puters)_S 64 _t\r(and)_S 64 _t\r(cannot)_S 64 _t\r(afford)_S 64 _t\r(denial)_S 64 _t\r(of)_S 64 _t\r(service,)_S 64 _t\r(and)_S 64 _t\r(second,)_S 64 _t\r(agency)_S 64 _t\r(computer)_S 64 _t\r(systems)_S 64 _t\r(and)_S 64 _t\r(networks)_S 1020 2088 _m\r
(are)_S 64 _t\r(at)_S 64 _t\r(much)_S 64 _t\r(higher)_S 64 _t\r(risk)_S 64 _t\r(to)_S 64 _t\r(threats)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(computer)_S 64 _t\r(viruses,)_S 64 _t\r(intrusions,)_S 64 _t\r(and)_S 64 _t\r(vulnerabilities.)_S 128 _t\r(The)_S 1020 1817 _m\r
(following)_S 64 _t\r(examples)_S 64 _t\r(of)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(incidents)_S 64 _t\r(are)_S 64 _t\r(now)_S 64 _t\r(commonplace:)_S 4872 893 _m\r
(4)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
7489 12220 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
1831 11573 _m\r
(\267)_S 2003 11573 _m\r
(A)_S 64 _t\r(computer)_S 64 _t\r(virus)_S 64 _t\r(is)_S 64 _t\r(copied)_S 64 _t\r(to)_S 64 _t\r(a)_S 64 _t\r(LAN)_S 64 _t\r(server;)_S 64 _t\r(within)_S 64 _t\r(minutes)_S 64 _t\r(hundreds)_S 64 _t\r(of)_S 64 _t\r(other)_S 64 _t\r(computers)_S 2003 11370 _m\r
(are)_S 64 _t\r(infected;)_S 64 _t\r(recovery)_S 64 _t\r(takes)_S 64 _t\r(several)_S 64 _t\r(people)_S 64 _t\r(and)_S 64 _t\r(several)_S 64 _t\r(days.)_S 1831 11054 _m\r
(\267)_S 2003 11054 _m\r
(Backups)_S 64 _t\r(infected)_S 64 _t\r(with)_S 64 _t\r(viruses)_S 64 _t\r(result)_S 64 _t\r(in)_S 64 _t\r(reinfected)_S 64 _t\r(systems,)_S 64 _t\r(requiring)_S 64 _t\r(more)_S 64 _t\r(time)_S 64 _t\r(and)_S 64 _t\r(ex-)_S 2003 10851 _m\r
(pense.)_S 1831 10535 _m\r
(\267)_S 2003 10535 _m\r
(Vulnerabilities)_S 64 _t\r(in)_S 64 _t\r(software)_S 64 _t\r(are)_S 64 _t\r(discovered)_S 64 _t\r(that)_S 64 _t\r(permit)_S 64 _t\r(unauthorized)_S 64 _t\r(entry;)_S 64 _t\r(explicit)_S 64 _t\r(instruc-)_S 2003 10332 _m\r
(tions)_S 64 _t\r(on)_S 64 _t\r(how)_S 64 _t\r(to)_S 64 _t\r(exploit)_S 64 _t\r(the)_S 64 _t\r(vulnerability)_S 64 _t\r(become)_S 64 _t\r(quickly)_S 64 _t\r(known.)_S 1831 10016 _m\r
(\267)_S 2003 10016 _m\r
(System)_S 64 _t\r(intruders)_S 64 _t\r(copy)_S 64 _t\r(password)_S 64 _t\r(files)_S 64 _t\r(and)_S 64 _t\r(distribute)_S 64 _t\r(them)_S 64 _t\r(throughout)_S 64 _t\r(large)_S 64 _t\r(networks.)_S 1831 9700 _m\r
(\267)_S 2003 9700 _m\r
(Break-ins)_S 64 _t\r(through)_S 64 _t\r(international)_S 64 _t\r(networks)_S 64 _t\r(require)_S 64 _t\r(cooperation)_S 64 _t\r(of)_S 64 _t\r(different)_S 64 _t\r(government)_S 2003 9497 _m\r
(agencies.)_S 1831 9181 _m\r
(\267)_S 2003 9181 _m\r
(Outbreaks)_S 64 _t\r(of)_S 64 _t\r(viruses)_S 64 _t\r(or)_S 64 _t\r(system)_S 64 _t\r(penetrations)_S 64 _t\r(appear)_S 64 _t\r(in)_S 64 _t\r(the)_S 64 _t\r(press,)_S 64 _t\r(causing)_S 64 _t\r(embarrassment)_S 2003 8978 _m\r
(and)_S 64 _t\r(possible)_S 64 _t\r(loss)_S 64 _t\r(of)_S 64 _t\r(public)_S 64 _t\r(confidence.)_S 1831 8436 _m\r
(These)_S 64 _t\r(situations)_S 64 _t\r(could)_S 64 _t\r(cause)_S 64 _t\r(agencies)_S 64 _t\r(to)_S 64 _t\r(face)_S 64 _t\r(extreme)_S 64 _t\r(expense)_S 64 _t\r(in)_S 64 _t\r(productivity,)_S 64 _t\r(significant)_S 1380 8165 _m\r
(damage)_S 64 _t\r(to)_S 64 _t\r(their)_S 64 _t\r(systems,)_S 64 _t\r(loss)_S 64 _t\r(of)_S 64 _t\r(funds,)_S 64 _t\r(and)_S 64 _t\r(damage)_S 64 _t\r(to)_S 64 _t\r(their)_S 64 _t\r(reputations)_S 64 _t\r/Times-RomanR 450 _ff\r
([GAO89])_S /Times-RomanR 580 _ff\r
(.)_S 128 _t\r(Clearly,)_S 64 _t\r(agen-)_S 1380 7894 _m\r
(cies)_S 64 _t\r(now)_S 64 _t\r(need)_S 64 _t\r(to)_S 64 _t\r(take)_S 64 _t\r(action)_S 64 _t\r(prior)_S 64 _t\r(to)_S 64 _t\r(suffering)_S 64 _t\r(the)_S 64 _t\r(consequences)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(serious)_S 64 _t\r(computer)_S 64 _t\r(security)_S 1380 7623 _m\r
(problem.)_S /Helvetica-BoldR 700 _ff\r
1380 6993 _m\r
(2.4)_S 1831 6993 _m\r
(The)_S 78 _t\r(CSIRC)_S 78 _t\r(Concept)_S 1831 6579 _m\r
/Times-RomanR 580 _ff\r
(A)_S 64 _t\r(Computer)_S 64 _t\r(Security)_S 64 _t\r(Incident)_S 64 _t\r(Response)_S 64 _t\r(Capability)_S 64 _t\r(is)_S 64 _t\r(that)_S 64 _t\r(part)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(effort)_S 1380 6308 _m\r
(that)_S 64 _t\r(provides)_S 64 _t\r(the)_S 64 _t\r(capability)_S 64 _t\r(to)_S 64 _t\r(respond)_S 64 _t\r(to)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(threats)_S 64 _t\r(rapidly)_S 64 _t\r(and)_S 64 _t\r(effectively.)_S 128 _t\r(A)_S 1380 6037 _m\r
(CSIRC)_S 64 _t\r(is)_S 64 _t\r(a)_S 64 _t\r(direct)_S 64 _t\r(extension)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(contingency)_S 64 _t\r(planning)_S 64 _t\r(process,)_S 64 _t\r(due)_S 64 _t\r(to)_S 64 _t\r(its)_S 64 _t\r(explicit)_S 64 _t\r(preparedness)_S 1380 5766 _m\r
(to)_S 64 _t\r(respond)_S 64 _t\r(to)_S 64 _t\r(threats)_S 64 _t\r(as)_S 64 _t\r(they)_S 64 _t\r(occur.)_S 1831 5224 _m\r
(A)_S 64 _t\r(CSIRC)_S 64 _t\r(should)_S 64 _t\r(be)_S 64 _t\r(a)_S 64 _t\r(central)_S 64 _t\r(capability)_S 64 _t\r(for)_S 64 _t\r(dealing)_S 64 _t\r(with)_S 64 _t\r(virtually)_S 64 _t\r(any)_S 64 _t\r(computer)_S 64 _t\r(security)_S 1380 4953 _m\r
(problem)_S 64 _t\r(that)_S 64 _t\r(occurs.)_S 128 _t\r(It)_S 64 _t\r(should)_S 64 _t\r(provide)_S 64 _t\r(a)_S 64 _t\r(means)_S 64 _t\r(for)_S 64 _t\r(reporting)_S 64 _t\r(incidents)_S 64 _t\r(and)_S 64 _t\r(for)_S 64 _t\r(disseminating)_S 1380 4682 _m\r
(important)_S 64 _t\r(incident-related)_S 64 _t\r(information)_S 64 _t\r(to)_S 64 _t\r(management)_S 64 _t\r(and)_S 64 _t\r(users.)_S 128 _t\r(It)_S 64 _t\r(should)_S 64 _t\r(concentrate)_S 64 _t\r(the)_S 64 _t\r(coor-)_S 1380 4411 _m\r
(dination)_S 64 _t\r(of)_S 64 _t\r(incident)_S 64 _t\r(handling)_S 64 _t\r(into)_S 64 _t\r(one)_S 64 _t\r(effort,)_S 64 _t\r(thereby)_S 64 _t\r(eliminating)_S 64 _t\r(duplication)_S 64 _t\r(of)_S 64 _t\r(effort.)_S 1831 3869 _m\r
(One)_S 64 _t\r(basic)_S 64 _t\r(aim)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(is)_S 64 _t\r(to)_S 64 _t\r(mitigate)_S 64 _t\r(the)_S 64 _t\r(potentially)_S 64 _t\r(serious)_S 64 _t\r(effects)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(severe)_S 64 _t\r(comput-)_S 1380 3598 _m\r
(er)_S 64 _t\r(security-related)_S 64 _t\r(problem.)_S 128 _t\r(To)_S 64 _t\r(effect)_S 64 _t\r(this)_S 64 _t\r(aim,)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(effort)_S 64 _t\r(requires)_S 64 _t\r(the)_S 64 _t\r(involvement)_S 64 _t\r(and)_S 1380 3327 _m\r
(cooperation)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(entire)_S 64 _t\r(agency.)_S 128 _t\r(It)_S 64 _t\r(requires)_S 64 _t\r(not)_S 64 _t\r(only)_S 64 _t\r(the)_S 64 _t\r(capability)_S 64 _t\r(to)_S 64 _t\r(react)_S 64 _t\r(to)_S 64 _t\r(incidents,)_S 64 _t\r(but)_S 64 _t\r(the)_S 1380 3056 _m\r
(resources)_S 64 _t\r(to)_S 64 _t\r(alert)_S 64 _t\r(and)_S 64 _t\r(inform)_S 64 _t\r(the)_S 64 _t\r(users.)_S 128 _t\r(It)_S 64 _t\r(requires)_S 64 _t\r(the)_S 64 _t\r(cooperation)_S 64 _t\r(of)_S 64 _t\r(all)_S 64 _t\r(users)_S 64 _t\r(to)_S 64 _t\r(ensure)_S 64 _t\r(that)_S 1380 2785 _m\r
(incidents)_S 64 _t\r(are)_S 64 _t\r(reported)_S 64 _t\r(and)_S 64 _t\r(resolved)_S 64 _t\r(and)_S 64 _t\r(that)_S 64 _t\r(future)_S 64 _t\r(incidents)_S 64 _t\r(are)_S 64 _t\r(prevented.)_S 1831 2243 _m\r
(A)_S 64 _t\r(CSIRC,)_S 64 _t\r(viewed)_S 64 _t\r(as)_S 64 _t\r(a)_S 64 _t\r(discrete)_S 64 _t\r(organization,)_S 64 _t\r(would)_S 64 _t\r(be)_S 64 _t\r(relatively)_S 64 _t\r(small,)_S 64 _t\r(perhaps)_S 64 _t\r(only)_S 64 _t\r(three)_S 1380 1972 _m\r
(or)_S 64 _t\r(more)_S 64 _t\r(individuals.)_S 128 _t\r(In)_S 64 _t\r(its)_S 64 _t\r(broadest)_S 64 _t\r(sense,)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(effort)_S 64 _t\r(can)_S 64 _t\r(be)_S 64 _t\r(viewed)_S 64 _t\r(as)_S 64 _t\r(the)_S 64 _t\r(involvement)_S 64 _t\r(of)_S 1380 1701 _m\r
(the)_S 64 _t\r(agency)_S 64 _t\r(as)_S 64 _t\r(a)_S 64 _t\r(whole,)_S 64 _t\r(organized)_S 64 _t\r(such)_S 64 _t\r(that)_S 64 _t\r(its)_S 64 _t\r(management)_S 64 _t\r(structures,)_S 64 _t\r(communications)_S 64 _t\r(and)_S 64 _t\r(re-)_S 5232 893 _m\r
(5)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
1020 12223 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
1020 11578 _m\r
(porting)_S 64 _t\r(mechanisms,)_S 64 _t\r(and)_S 64 _t\r(users)_S 64 _t\r(all)_S 64 _t\r(work)_S 64 _t\r(together)_S 64 _t\r(in)_S 64 _t\r(reporting,)_S 64 _t\r(responding)_S 64 _t\r(to,)_S 64 _t\r(and)_S 64 _t\r(resolving)_S 64 _t\r(com-)_S 1020 11307 _m\r
(puter)_S 64 _t\r(security)_S 64 _t\r(incidents)_S 64 _t\r(quickly)_S 64 _t\r(and)_S 64 _t\r(efficiently.)_S /Helvetica-BoldR 700 _ff\r
1020 10677 _m\r
(2.5)_S 1471 10677 _m\r
(CSIRC)_S 78 _t\r(Constituency)_S 78 _t\r(and)_S 78 _t\r(Technology)_S 78 _t\r(Focus)_S 1471 10261 _m\r
/Times-RomanR 580 _ff\r
(Inherent)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(purpose)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(is)_S 64 _t\r(the)_S 64 _t\r(existence)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r/Times-ItalicR 580 _ff\r
(constituency)_S /Times-RomanR 580 _ff\r
(:)_S 64 _t\r(the)_S 64 _t\r(group)_S 64 _t\r(of)_S 64 _t\r(users)_S 64 _t\r(or)_S 1020 9989 _m\r
(organizations)_S 64 _t\r(served)_S 64 _t\r(by)_S 64 _t\r(the)_S 64 _t\r(CSIRC.)_S 128 _t\r(The)_S 64 _t\r(constituency)_S 64 _t\r(members)_S 64 _t\r(share)_S 64 _t\r(specific)_S 64 _t\r(characteristics,)_S 1020 9718 _m\r
(such)_S 64 _t\r(as)_S 64 _t\r(a)_S 64 _t\r(specific)_S 64 _t\r(agency,)_S 64 _t\r(its)_S 64 _t\r(computer)_S 64 _t\r(network,)_S 64 _t\r(certain)_S 64 _t\r(operating)_S 64 _t\r(systems,)_S 64 _t\r(or)_S 64 _t\r(other)_S 64 _t\r(common)_S 1020 9445 _m\r
(factors.)_S 128 _t\r(The)_S 64 _t\r(CSIRC's)_S 64 _t\r/Times-ItalicR 580 _ff\r
(technology)_S 64 _t\r(focus)_S /Times-RomanR 580 _ff\r
64 _t\r(is)_S 64 _t\r(that)_S 64 _t\r(area)_S 64 _t\r(of)_S 64 _t\r(computer)_S 64 _t\r(technology)_S 64 _t\r(in)_S 64 _t\r(use)_S 64 _t\r(by)_S 64 _t\r(the)_S 64 _t\r(con-)_S 1020 9173 _m\r
(stituency)_S 64 _t\r(that)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(specializes)_S 64 _t\r(in,)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(microcomputers,)_S 64 _t\r(or)_S 64 _t\r(microcomputers)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(certain)_S 1020 8902 _m\r
(make.)_S 1471 8360 _m\r
(A)_S 64 _t\r(CSIRC)_S 64 _t\r(constituency)_S 64 _t\r(need)_S 64 _t\r(not)_S 64 _t\r(be)_S 64 _t\r(the)_S 64 _t\r(entire)_S 64 _t\r(agency)_S 64 _t\r(or)_S 64 _t\r(organization.)_S 128 _t\r(For)_S 64 _t\r(example,)_S 64 _t\r(an)_S 1020 8089 _m\r
(agency)_S 64 _t\r(might)_S 64 _t\r(utilize)_S 64 _t\r(several)_S 64 _t\r(types)_S 64 _t\r(of)_S 64 _t\r(computer)_S 64 _t\r(and)_S 64 _t\r(networked)_S 64 _t\r(systems,)_S 64 _t\r(but)_S 64 _t\r(may)_S 64 _t\r(decide)_S 64 _t\r(that)_S 64 _t\r(a)_S 1020 7818 _m\r
(CSIRC)_S 64 _t\r(is)_S 64 _t\r(required)_S 64 _t\r(to)_S 64 _t\r(serve)_S 64 _t\r(only)_S 64 _t\r(its)_S 64 _t\r(microcomputer)_S 64 _t\r(users,)_S 64 _t\r(e.g.,)_S 64 _t\r(computer)_S 64 _t\r(viruses)_S 64 _t\r(are)_S 64 _t\r(viewed)_S 64 _t\r(as)_S 1020 7547 _m\r
(more)_S 64 _t\r(likely)_S 64 _t\r(a)_S 64 _t\r(threat)_S 64 _t\r(than)_S 64 _t\r(those)_S 64 _t\r(threats)_S 64 _t\r(more)_S 64 _t\r(common)_S 64 _t\r(to)_S 64 _t\r(larger)_S 64 _t\r(systems.)_S 128 _t\r(Or,)_S 64 _t\r(a)_S 64 _t\r(large)_S 64 _t\r(agency)_S 64 _t\r(com-)_S 1020 7276 _m\r
(posed)_S 64 _t\r(of)_S 64 _t\r(several)_S 64 _t\r(sites)_S 64 _t\r(may)_S 64 _t\r(decide)_S 64 _t\r(that)_S 64 _t\r(current)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(efforts)_S 64 _t\r(at)_S 64 _t\r(some)_S 64 _t\r(sites)_S 64 _t\r(do)_S 64 _t\r(not)_S 1020 7005 _m\r
(require)_S 64 _t\r(a)_S 64 _t\r(CSIRC,)_S 64 _t\r(whereas)_S 64 _t\r(other)_S 64 _t\r(sites)_S 64 _t\r(do.)_S /Helvetica-BoldR 700 _ff\r
1020 6375 _m\r
(2.6)_S 1471 6375 _m\r
(Proactive)_S 78 _t\r(vs.)_S 78 _t\r(Reactive)_S 78 _t\r(Nature)_S 78 _t\r(of)_S 78 _t\r(a)_S 78 _t\r(CSIRC)_S 1471 5959 _m\r
/Times-RomanR 580 _ff\r
(A)_S 64 _t\r(CSIRC)_S 64 _t\r(is)_S 64 _t\r(not)_S 64 _t\r(solely)_S 64 _t\r(a)_S 64 _t\r(reactive)_S 64 _t\r(capability;)_S 64 _t\r(it)_S 64 _t\r(is)_S 64 _t\r(also)_S 64 _t\r(a)_S 64 _t\r/Times-ItalicR 580 _ff\r
(proactive)_S /Times-RomanR 580 _ff\r
64 _t\r(approach)_S 64 _t\r(to)_S 64 _t\r(reducing)_S 64 _t\r(an)_S 1020 5687 _m\r
(agency's)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(risks.)_S 128 _t\r(When)_S 64 _t\r(not)_S 64 _t\r(responding)_S 64 _t\r(to)_S 64 _t\r(incidents,)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(can)_S 64 _t\r(take)_S 64 _t\r(proactive)_S 1020 5416 _m\r
(steps)_S 64 _t\r(to)_S 64 _t\r(educate)_S 64 _t\r(its)_S 64 _t\r(constituency)_S 64 _t\r(regarding)_S 64 _t\r(pertinent)_S 64 _t\r(risks)_S 64 _t\r(and)_S 64 _t\r(threats)_S 64 _t\r(to)_S 64 _t\r(computer)_S 64 _t\r(security.)_S 128 _t\r(These)_S 1020 5145 _m\r
(activities)_S 64 _t\r(can)_S 64 _t\r(prevent)_S 64 _t\r(incidents)_S 64 _t\r(from)_S 64 _t\r(occurring.)_S 128 _t\r(They)_S 64 _t\r(include)_S 64 _t\r(informing)_S 64 _t\r(users)_S 64 _t\r(about)_S 64 _t\r(vulnerabili-)_S 1020 4874 _m\r
(ties)_S 64 _t\r(and)_S 64 _t\r(heightening)_S 64 _t\r(awareness)_S 64 _t\r(of)_S 64 _t\r(other)_S 64 _t\r(security)_S 64 _t\r(threats,)_S 64 _t\r(procedures,)_S 64 _t\r(and)_S 64 _t\r(proper)_S 64 _t\r(maintenance)_S 64 _t\r(of)_S 1020 4603 _m\r
(their)_S 64 _t\r(systems.)_S 1471 4061 _m\r
(An)_S 64 _t\r(analogy)_S 64 _t\r(to)_S 64 _t\r(this)_S 64 _t\r(mix)_S 64 _t\r(of)_S 64 _t\r(activities)_S 64 _t\r(is)_S 64 _t\r(a)_S 64 _t\r(typical)_S 64 _t\r(fire)_S 64 _t\r(department.)_S 128 _t\r(The)_S 64 _t\r(reactive)_S 64 _t\r(activities)_S 64 _t\r(in-)_S 1020 3790 _m\r
(clude)_S 64 _t\r(fighting)_S 64 _t\r(fires;)_S 64 _t\r(however,)_S 64 _t\r(one)_S 64 _t\r(could)_S 64 _t\r(say)_S 64 _t\r(that)_S 64 _t\r(the)_S 64 _t\r(proactive,)_S 64 _t\r(or)_S 64 _t\r(fire-prevention,)_S 64 _t\r(activities)_S 64 _t\r(result)_S 1020 3519 _m\r
(in)_S 64 _t\r(more)_S 64 _t\r(injuries)_S 64 _t\r(prevented.)_S 128 _t\r(Likewise,)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(may)_S 64 _t\r(prove)_S 64 _t\r(more)_S 64 _t\r(cost-effective)_S 64 _t\r(because)_S 64 _t\r(of)_S 64 _t\r(its)_S 1020 3248 _m\r
(incident-prevention)_S 64 _t\r(activities)_S 64 _t\r(than)_S 64 _t\r(its)_S 64 _t\r(incident-handling)_S 64 _t\r(efforts.)_S /Helvetica-BoldR 700 _ff\r
1020 2618 _m\r
(2.7)_S 1471 2618 _m\r
(CSIRC)_S 78 _t\r(Relationship)_S 78 _t\r(to)_S 78 _t\r(Current)_S 78 _t\r(Agency)_S 78 _t\r(Security)_S 78 _t\r(Efforts)_S 1471 2204 _m\r
/Times-RomanR 580 _ff\r
(A)_S 64 _t\r(CSIRC)_S 64 _t\r(activity)_S 64 _t\r(complements)_S 64 _t\r(and)_S 64 _t\r(improves)_S 64 _t\r(current)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(efforts.)_S 128 _t\r(Results)_S 64 _t\r(of)_S 1020 1933 _m\r
(CSIRC)_S 64 _t\r(activity)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(collected)_S 64 _t\r(statistics)_S 64 _t\r(and)_S 64 _t\r(other)_S 64 _t\r(information)_S 64 _t\r(on)_S 64 _t\r(computer)_S 64 _t\r(security,)_S 64 _t\r(comple-)_S 1020 1662 _m\r
(ment)_S 64 _t\r(other)_S 64 _t\r(components)_S 64 _t\r(of)_S 64 _t\r(current)_S 64 _t\r(efforts)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(risk)_S 64 _t\r(analysis,)_S 64 _t\r(contingency)_S 64 _t\r(planning,)_S 64 _t\r(and)_S 64 _t\r(securi-)_S 1020 1391 _m\r
(ty)_S 64 _t\r(audit.)_S 128 _t\r(The)_S 64 _t\r(proactive)_S 64 _t\r(functions)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(CSIRC,)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(security)_S 64 _t\r(awareness)_S 64 _t\r(training,)_S 64 _t\r(may)_S 64 _t\r(already)_S 4872 893 _m\r
(6)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
7489 12220 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
1380 11573 _m\r
(exist)_S 64 _t\r(to)_S 64 _t\r(some)_S 64 _t\r(degree)_S 64 _t\r(in)_S 64 _t\r(current)_S 64 _t\r(security)_S 64 _t\r(programs.)_S 128 _t\r(The)_S 64 _t\r(essential)_S 64 _t\r(requirements)_S 64 _t\r(for)_S 64 _t\r(centralized)_S 1380 11302 _m\r
(reactive)_S 64 _t\r(capability)_S 64 _t\r(may)_S 64 _t\r(already)_S 64 _t\r(exist)_S 64 _t\r(to)_S 64 _t\r(some)_S 64 _t\r(degree)_S 64 _t\r(in)_S 64 _t\r(the)_S 64 _t\r(form)_S 64 _t\r(of)_S 64 _t\r(help)_S 64 _t\r(desks,)_S 64 _t\r(management)_S 1380 11031 _m\r
(reporting)_S 64 _t\r(structures,)_S 64 _t\r(and)_S 64 _t\r(policies)_S 64 _t\r(for)_S 64 _t\r(centralized)_S 64 _t\r(reporting.)_S 1831 10489 _m\r
(However,)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(is)_S 64 _t\r(defined)_S 64 _t\r(less)_S 64 _t\r(by)_S 64 _t\r(its)_S 64 _t\r(organizational)_S 64 _t\r(structure)_S 64 _t\r(than)_S 64 _t\r(by)_S 64 _t\r(its)_S 64 _t\r(centralized,)_S 1380 10218 _m\r
(proactive)_S 64 _t\r(capability)_S 64 _t\r(to)_S 64 _t\r(respond)_S 64 _t\r(to)_S 64 _t\r(security)_S 64 _t\r(threats)_S 64 _t\r(with)_S 64 _t\r(speed,)_S 64 _t\r(efficiency,)_S 64 _t\r(and)_S 64 _t\r(without)_S 64 _t\r(duplication)_S 1380 9947 _m\r
(of)_S 64 _t\r(effort)_S 64 _t\r(and)_S 64 _t\r(waste)_S 64 _t\r(of)_S 64 _t\r(agency)_S 64 _t\r(resources.)_S 128 _t\r(To)_S 64 _t\r(achieve)_S 64 _t\r(those)_S 64 _t\r(objectives,)_S 64 _t\r(current)_S 64 _t\r(efforts)_S 64 _t\r(will)_S 64 _t\r(most)_S 1380 9676 _m\r
(likely)_S 64 _t\r(require)_S 64 _t\r(some)_S 64 _t\r(revamping.)_S 128 _t\r(Policies)_S 64 _t\r(for)_S 64 _t\r(centralized)_S 64 _t\r(reporting)_S 64 _t\r(and)_S 64 _t\r(mechanisms)_S 64 _t\r(for)_S 64 _t\r(effecting)_S 64 _t\r(it)_S 1380 9405 _m\r
(may)_S 64 _t\r(need)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(put)_S 64 _t\r(into)_S 64 _t\r(place.)_S 128 _t\r(Personnel)_S 64 _t\r(with)_S 64 _t\r(the)_S 64 _t\r(requisite)_S 64 _t\r(skills)_S 64 _t\r(and)_S 64 _t\r(necessary)_S 64 _t\r(equipment)_S 64 _t\r(may)_S 1380 9134 _m\r
(need)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(dedicated)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(effort.)_S 128 _t\r(Other)_S 64 _t\r(changes)_S 64 _t\r(in)_S 64 _t\r(the)_S 64 _t\r(way)_S 64 _t\r(in)_S 64 _t\r(which)_S 64 _t\r(the)_S 64 _t\r(agency)_S 64 _t\r(manages)_S 64 _t\r(com-)_S 1380 8863 _m\r
(puter)_S 64 _t\r(security)_S 64 _t\r(will)_S 64 _t\r(most)_S 64 _t\r(likely)_S 64 _t\r(result.)_S /Helvetica-BoldR 700 _ff\r
1380 8233 _m\r
(2.8)_S 1831 8233 _m\r
(Early)_S 78 _t\r(Agency)_S 78 _t\r(CSIRC)_S 78 _t\r(Efforts)_S 1831 7819 _m\r
/Times-RomanR 580 _ff\r
(Several)_S 64 _t\r(government)_S 64 _t\r(agencies)_S 64 _t\r(have)_S 64 _t\r(started)_S 64 _t\r(CSIRC)_S 64 _t\r(activities)_S 64 _t\r(or)_S 64 _t\r(have)_S 64 _t\r(augmented)_S 64 _t\r(their)_S 64 _t\r(com-)_S 1380 7548 _m\r
(puter)_S 64 _t\r(security)_S 64 _t\r(efforts)_S 64 _t\r(with)_S 64 _t\r(CSIR)_S 64 _t\r(capabilities.)_S 128 _t\r(In)_S 64 _t\r(1988,)_S 64 _t\r(the)_S 64 _t\r(Defense)_S 64 _t\r(Advanced)_S 64 _t\r(Research)_S 64 _t\r(Projects)_S 1380 7277 _m\r
(Agency)_S 64 _t\r(\(DARPA\))_S 64 _t\r(funded)_S 64 _t\r(the)_S 64 _t\r(CERT/CC)_S 64 _t\r(\(Computer)_S 64 _t\r(Emergency)_S 64 _t\r(Response)_S 64 _t\r(Team/Coordination)_S 1380 7006 _m\r
(Center\))_S 64 _t\r(to)_S 64 _t\r(investigate)_S 64 _t\r(and)_S 64 _t\r(resolve)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(incidents)_S 64 _t\r(related)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(Internet,)_S 64 _t\r(concentrat-)_S 1380 6735 _m\r
(ing)_S 64 _t\r(mainly)_S 64 _t\r(on)_S 64 _t\r(UNIX)_S /Times-RomanR 350 _ff\r
3033 6815 _m\r
(2)_S 3091 6815 _m\r
/Times-RomanR 580 _ff\r
3091 6735 _m\r
64 _t\r(operating)_S 64 _t\r(systems)_S 64 _t\r/Times-RomanR 450 _ff\r
([SCHERLIS88])_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r/Times-RomanR 450 _ff\r
([SCHERLIS89])_S /Times-RomanR 580 _ff\r
(.)_S 128 _t\r(In)_S 64 _t\r(1989,)_S 64 _t\r(the)_S 64 _t\r(Department)_S 64 _t\r(of)_S 1380 6464 _m\r
(Energy)_S 64 _t\r(\(DOE\))_S 64 _t\r(funded)_S 64 _t\r(the)_S 64 _t\r(CIAC)_S 64 _t\r(\(Computer)_S 64 _t\r(Incident)_S 64 _t\r(Advisory)_S 64 _t\r(Capability\))_S 64 _t\r(to)_S 64 _t\r(handle)_S 64 _t\r(computer)_S 1380 6193 _m\r
(security)_S 64 _t\r(incidents)_S 64 _t\r(affecting)_S 64 _t\r(DOE)_S 64 _t\r(systems)_S 64 _t\r/Times-RomanR 450 _ff\r
([SCHULTZ89])_S /Times-RomanR 580 _ff\r
(.)_S 128 _t\r(Both)_S 64 _t\r(teams)_S 64 _t\r(have)_S 64 _t\r(handled)_S 64 _t\r(and)_S 64 _t\r(resolved)_S 1380 5922 _m\r
(many)_S 64 _t\r(incidents)_S 64 _t\r(and)_S 64 _t\r(regularly)_S 64 _t\r(issue)_S 64 _t\r(alerts)_S 64 _t\r(concerning)_S 64 _t\r(new)_S 64 _t\r(vulnerabilities)_S 64 _t\r(and)_S 64 _t\r(software)_S 64 _t\r(defects.)_S 64 _t\r1380 5651 _m\r
(Several)_S 64 _t\r(other)_S 64 _t\r(government)_S 64 _t\r(and)_S 64 _t\r(commercial)_S 64 _t\r(organizations)_S 64 _t\r(also)_S 64 _t\r(created)_S 64 _t\r(CSIRC)_S 64 _t\r(efforts)_S 64 _t\r/Times-RomanR 450 _ff\r
([DDN89])_S /Times-RomanR 580 _ff\r
(,)_S 1380 5380 _m\r
/Times-RomanR 450 _ff\r
([FEDELI91])_S /Times-RomanR 580 _ff\r
(.)_S 128 _t\r(In)_S 64 _t\r(1990,)_S 64 _t\r(the)_S 64 _t\r(National)_S 64 _t\r(Institute)_S 64 _t\r(of)_S 64 _t\r(Standards)_S 64 _t\r(and)_S 64 _t\r(Technology)_S 64 _t\r(\(NIST\),)_S 64 _t\r(in)_S 64 _t\r(conjunction)_S 1380 5109 _m\r
(with)_S 64 _t\r(the)_S 64 _t\r(CERT/CC,)_S 64 _t\r(DOE's)_S 64 _t\r(CIAC,)_S 64 _t\r(the)_S 64 _t\r(National)_S 64 _t\r(Aeronautics)_S 64 _t\r(and)_S 64 _t\r(Space)_S 64 _t\r(Administration)_S 64 _t\r(\(NASA\),)_S 1380 4838 _m\r
(and)_S 64 _t\r(other)_S 64 _t\r(agency)_S 64 _t\r(response)_S 64 _t\r(teams,)_S 64 _t\r(organized)_S 64 _t\r(a)_S 64 _t\r(cooperative)_S 64 _t\r(activity)_S 64 _t\r(known)_S 64 _t\r(as)_S 64 _t\r(the)_S 64 _t\r(Forum)_S 64 _t\r(of)_S 64 _t\r(Inci-)_S 1380 4567 _m\r
(dent)_S 64 _t\r(Response)_S 64 _t\r(and)_S 64 _t\r(Security)_S 64 _t\r(Teams)_S 64 _t\r(\(FIRST\).)_S 128 _t\r(The)_S 64 _t\r(purpose)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(Forum)_S 64 _t\r(is)_S 64 _t\r(to)_S 64 _t\r(share)_S 64 _t\r(technical)_S 1380 4296 _m\r
(information)_S 64 _t\r(and)_S 64 _t\r(to)_S 64 _t\r(foster)_S 64 _t\r(further)_S 64 _t\r(participation)_S 64 _t\r(in)_S 64 _t\r(incident-handling)_S 64 _t\r(efforts)_S 64 _t\r(by)_S 64 _t\r(government,)_S 64 _t\r(com-)_S 1380 4025 _m\r
(mercial,)_S 64 _t\r(and)_S 64 _t\r(academic)_S 64 _t\r(institutions)_S 64 _t\r/Times-RomanR 450 _ff\r
([NIST90])_S /Times-RomanR 580 _ff\r
(.)_S 128 _t\r(Refer)_S 64 _t\r(to)_S 64 _t\r(Appendix)_S 64 _t\r(B)_S 64 _t\r(for)_S 64 _t\r(more)_S 64 _t\r(information.)_S 1380 1624 _m\r
_U 3780 1624 _m\r
_u 1380 1309 _m\r
/Times-RomanR 475 _ff\r
53 _t\r53 _t\r53 _t\r53 _t\r53 _t\r/Times-RomanR 285 _ff\r
1645 1374 _m\r
(2)_S 1693 1374 _m\r
/Times-RomanR 475 _ff\r
1693 1309 _m\r
(UNIX)_S 53 _t\r(is)_S 53 _t\r(a)_S 53 _t\r(registered)_S 53 _t\r(trademark)_S 53 _t\r(of)_S 53 _t\r(AT&T.)_S /Times-RomanR 580 _ff\r
5232 893 _m\r
(7)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
1020 12223 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
4872 893 _m\r
(8)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
/HelveticaR 900 _ff\r
7489 12220 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /HelveticaR 900 _ff\r
1380 11483 _m\r
/Helvetica-BoldR 900 _ff\r
(3.)_S 1831 11483 _m\r
(Issues)_S 100 _t\r(in)_S 100 _t\r(Establishing)_S 100 _t\r(a)_S 100 _t\r(CSIRC)_S /Times-RomanR 580 _ff\r
1831 10902 _m\r
(This)_S 64 _t\r(section)_S 64 _t\r(describes)_S 64 _t\r(some)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(initial)_S 64 _t\r(steps)_S 64 _t\r(and)_S 64 _t\r(issues)_S 64 _t\r(in)_S 64 _t\r(establishing)_S 64 _t\r(a)_S 64 _t\r(Computer)_S 64 _t\r(Secu-)_S 1380 10631 _m\r
(rity)_S 64 _t\r(Incident)_S 64 _t\r(Response)_S 64 _t\r(Capability.)_S 128 _t\r(While)_S 64 _t\r(each)_S 64 _t\r(agency)_S 64 _t\r(has)_S 64 _t\r(its)_S 64 _t\r(own)_S 64 _t\r(specific)_S 64 _t\r(requirements,)_S 64 _t\r(the)_S 1380 10360 _m\r
(steps)_S 64 _t\r(and)_S 64 _t\r(issues)_S 64 _t\r(listed)_S 64 _t\r(here)_S 64 _t\r(should)_S 64 _t\r(be)_S 64 _t\r(applicable)_S 64 _t\r(to)_S 64 _t\r(most)_S 64 _t\r(environments.)_S 128 _t\r(The)_S 64 _t\r(issues)_S 64 _t\r(center)_S 64 _t\r(on)_S 1380 10089 _m\r
(determining)_S 64 _t\r(the)_S 64 _t\r(initial)_S 64 _t\r(goals)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(CSIR)_S 64 _t\r(effort,)_S 64 _t\r(defining)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(constituency,)_S 64 _t\r(acquiring)_S 1380 9818 _m\r
(agency)_S 64 _t\r(support,)_S 64 _t\r(effecting)_S 64 _t\r(policies)_S 64 _t\r(for)_S 64 _t\r(centralized)_S 64 _t\r(reporting,)_S 64 _t\r(documenting)_S 64 _t\r(procedures,)_S 64 _t\r(and)_S 64 _t\r(staffing.)_S /Helvetica-BoldR 700 _ff\r
1380 9188 _m\r
(3.1)_S 1831 9188 _m\r
(Determining)_S 78 _t\r(CSIR)_S 78 _t\r(Goals)_S 1831 8774 _m\r
/Times-RomanR 580 _ff\r
(The)_S 64 _t\r(first)_S 64 _t\r(step)_S 64 _t\r(in)_S 64 _t\r(establishing)_S 64 _t\r(an)_S 64 _t\r(incident)_S 64 _t\r(response)_S 64 _t\r(capability)_S 64 _t\r(is)_S 64 _t\r(to)_S 64 _t\r(determine)_S 64 _t\r(whether)_S 64 _t\r(the)_S 1380 8503 _m\r
(nature)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(problem)_S 64 _t\r(in)_S 64 _t\r(the)_S 64 _t\r(agency)_S 64 _t\r(and)_S 64 _t\r(how)_S 64 _t\r(it)_S 64 _t\r(could)_S 64 _t\r(better)_S 64 _t\r(be)_S 64 _t\r(handled)_S 64 _t\r(via)_S 64 _t\r(a)_S 1380 8232 _m\r
(CSIRC)_S 64 _t\r(as)_S 64 _t\r(opposed)_S 64 _t\r(to)_S 64 _t\r(an)_S 64 _t\r(existing)_S 64 _t\r(effort.)_S 128 _t\r(From)_S 64 _t\r(there,)_S 64 _t\r(the)_S 64 _t\r(goals)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(effort)_S 64 _t\r(need)_S 64 _t\r(to)_S 64 _t\r(be)_S 1380 7961 _m\r
(stated.)_S 128 _t\r(The)_S 64 _t\r(goals)_S 64 _t\r(define)_S 64 _t\r(the)_S 64 _t\r(scope)_S 64 _t\r(and)_S 64 _t\r(boundaries)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(effort,)_S 64 _t\r(including)_S 64 _t\r(the)_S 64 _t\r(type)_S 64 _t\r(of)_S 64 _t\r(technology)_S 1380 7690 _m\r
(to)_S 64 _t\r(be)_S 64 _t\r(protected)_S 64 _t\r(and)_S 64 _t\r(the)_S 64 _t\r(constituency)_S 64 _t\r(served.)_S 128 _t\r(Establishing)_S 64 _t\r(clear)_S 64 _t\r(and)_S 64 _t\r(realistic)_S 64 _t\r(goals)_S 64 _t\r(will)_S 64 _t\r(help)_S 64 _t\r(to)_S 1380 7419 _m\r
(determine)_S 64 _t\r(expectations)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(management)_S 64 _t\r(and)_S 64 _t\r(the)_S 64 _t\r(funding)_S 64 _t\r(necessary.)_S 1831 6877 _m\r
(A)_S 64 _t\r(major)_S 64 _t\r(objective)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(is)_S 64 _t\r(to)_S 64 _t\r(gain)_S 64 _t\r(control)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(security)_S 64 _t\r(problem)_S 64 _t\r(by)_S 64 _t\r(taking)_S 64 _t\r(a)_S 64 _t\r(proac-)_S 1380 6606 _m\r
(tive)_S 64 _t\r(approach)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(agency's)_S 64 _t\r(security)_S 64 _t\r(problems)_S 64 _t\r(and)_S 64 _t\r(reacting)_S 64 _t\r(to)_S 64 _t\r(incidents)_S 64 _t\r(as)_S 64 _t\r(necessary.)_S 128 _t\r(The)_S 64 _t\r(goals)_S 1380 6335 _m\r
(of)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(might)_S 64 _t\r(include)_S 64 _t\r(some)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(following:)_S 1831 6019 _m\r
(\267)_S 2003 6019 _m\r
(facilitate)_S 64 _t\r(centralized)_S 64 _t\r(reporting)_S 64 _t\r(of)_S 64 _t\r(incidents;)_S 1831 5703 _m\r
(\267)_S 2003 5703 _m\r
(coordinate)_S 64 _t\r(response)_S 64 _t\r(to)_S 64 _t\r(incidents)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(certain)_S 64 _t\r(type)_S 64 _t\r(or)_S 64 _t\r(affecting)_S 64 _t\r(a)_S 64 _t\r(certain)_S 64 _t\r(technology;)_S 1831 5387 _m\r
(\267)_S 2003 5387 _m\r
(provide)_S 64 _t\r(direct)_S 64 _t\r(technical)_S 64 _t\r(assistance)_S 64 _t\r(as)_S 64 _t\r(needed;)_S 1831 5071 _m\r
(\267)_S 2003 5071 _m\r
(perform)_S 64 _t\r(training)_S 64 _t\r(and)_S 64 _t\r(raise)_S 64 _t\r(security)_S 64 _t\r(awareness)_S 64 _t\r(of)_S 64 _t\r(users)_S 64 _t\r(and)_S 64 _t\r(vendors;)_S 1831 4755 _m\r
(\267)_S 2003 4755 _m\r
(provide)_S 64 _t\r(a)_S 64 _t\r(clearinghouse)_S 64 _t\r(for)_S 64 _t\r(relevant)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(information;)_S 1831 4439 _m\r
(\267)_S 2003 4439 _m\r
(provide)_S 64 _t\r(data)_S 64 _t\r(and)_S 64 _t\r(other)_S 64 _t\r(inputs)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(contingency)_S 64 _t\r(planning)_S 64 _t\r(effort;)_S 1831 4123 _m\r
(\267)_S 2003 4123 _m\r
(promote)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(policies)_S 64 _t\r(within)_S 64 _t\r(a)_S 64 _t\r(constituency;)_S 1831 3807 _m\r
(\267)_S 2003 3807 _m\r
(develop)_S 64 _t\r(or)_S 64 _t\r(distribute)_S 64 _t\r(software)_S 64 _t\r(tools)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(constituency;)_S 1831 3491 _m\r
(\267)_S 2003 3491 _m\r
(encourage)_S 64 _t\r(vendors)_S 64 _t\r(to)_S 64 _t\r(respond)_S 64 _t\r(to)_S 64 _t\r(product-related)_S 64 _t\r(problems;)_S 64 _t\r(and)_S 1831 3175 _m\r
(\267)_S 2003 3175 _m\r
(provide)_S 64 _t\r(liaisons)_S 64 _t\r(to)_S 64 _t\r(legal)_S 64 _t\r(and)_S 64 _t\r(criminal)_S 64 _t\r(investigative)_S 64 _t\r(groups.)_S 1831 2633 _m\r
(Goals)_S 64 _t\r(should)_S 64 _t\r(be)_S 64 _t\r(simple,)_S 64 _t\r(unambiguous,)_S 64 _t\r(and)_S 64 _t\r(realistic.)_S 128 _t\r(For)_S 64 _t\r(example,)_S 64 _t\r(the)_S 64 _t\r(ability)_S 64 _t\r(to)_S 64 _t\r(perform)_S 1380 2362 _m\r
(training)_S 64 _t\r(might)_S 64 _t\r(be)_S 64 _t\r(too)_S 64 _t\r(expensive)_S 64 _t\r(for)_S 64 _t\r(some)_S 64 _t\r(organizations.)_S 128 _t\r(Attempting)_S 64 _t\r(to)_S 64 _t\r(serve)_S 64 _t\r(disparate)_S 64 _t\r(constitu-)_S 1380 2089 _m\r
(encies)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(main-frame)_S 64 _t\r/Times-ItalicR 580 _ff\r
(and)_S /Times-RomanR 580 _ff\r
64 _t\r(microcomputer)_S 64 _t\r(users)_S 64 _t\r(may)_S 64 _t\r(be)_S 64 _t\r(impractical)_S 64 _t\r(depending)_S 64 _t\r(on)_S 64 _t\r(fiscal)_S 1380 1817 _m\r
(constraints.)_S 128 _t\r(Therefore,)_S 64 _t\r(guard)_S 64 _t\r(against)_S 64 _t\r(adopting)_S 64 _t\r(any)_S 64 _t\r(overly)_S 64 _t\r(ambitious)_S 64 _t\r(or)_S 64 _t\r(ambiguous)_S 64 _t\r(goals.)_S 5232 893 _m\r
(9)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
/HelveticaR 700 _ff\r
1020 12223 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /HelveticaR 700 _ff\r
1020 11539 _m\r
/Helvetica-BoldR 700 _ff\r
(3.2)_S 1471 11539 _m\r
(Defining)_S 78 _t\r(the)_S 78 _t\r(CSIRC)_S 78 _t\r(Constituency)_S 1471 11123 _m\r
/Times-RomanR 580 _ff\r
(The)_S 64 _t\r(CSIR)_S 64 _t\r(goals)_S 64 _t\r(determine)_S 64 _t\r(the)_S 64 _t\r(CSIRC's)_S 64 _t\r/Times-ItalicR 580 _ff\r
(constituency)_S /Times-RomanR 580 _ff\r
(.)_S 128 _t\r(The)_S 64 _t\r(constituency)_S 64 _t\r(is)_S 64 _t\r(usually)_S 64 _t\r(aligned)_S 1020 10851 _m\r
(along)_S 64 _t\r(a)_S 64 _t\r(particular)_S 64 _t\r(technology)_S 64 _t\r(focus)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(CSIRC,)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(a)_S 64 _t\r(particular)_S 64 _t\r(type)_S 64 _t\r(of)_S 64 _t\r(computer)_S 64 _t\r(operat-)_S 1020 10580 _m\r
(ing)_S 64 _t\r(system)_S 64 _t\r(or)_S 64 _t\r(network.)_S 128 _t\r(However,)_S 64 _t\r(if)_S 64 _t\r(the)_S 64 _t\r(constituency)_S 64 _t\r(is)_S 64 _t\r(defined)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(an)_S 64 _t\r(entire)_S 64 _t\r(agency,)_S 64 _t\r(the)_S 64 _t\r(tech-)_S 1020 10309 _m\r
(nology)_S 64 _t\r(focus)_S 64 _t\r(results)_S 64 _t\r(in)_S 64 _t\r(any)_S 64 _t\r(computer)_S 64 _t\r(technology)_S 64 _t\r(in)_S 64 _t\r(use)_S 64 _t\r(by)_S 64 _t\r(the)_S 64 _t\r(agency,)_S 64 _t\r(including)_S 64 _t\r(mainframes,)_S 1020 10038 _m\r
(personal)_S 64 _t\r(computers,)_S 64 _t\r(and)_S 64 _t\r(associated)_S 64 _t\r(networks.)_S 128 _t\r(The)_S 64 _t\r(size)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(constituency)_S 64 _t\r(and)_S 64 _t\r(the)_S 64 _t\r(diversity)_S 64 _t\r(of)_S 1020 9767 _m\r
(the)_S 64 _t\r(technology)_S 64 _t\r(focus)_S 64 _t\r(thus)_S 64 _t\r(determine)_S 64 _t\r(the)_S 64 _t\r(size)_S 64 _t\r(and)_S 64 _t\r(scope)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(effort.)_S 128 _t\r(The)_S 64 _t\r(more)_S 64 _t\r(broad)_S 64 _t\r(the)_S 1020 9496 _m\r
(technology)_S 64 _t\r(focus,)_S 64 _t\r(the)_S 64 _t\r(more)_S 64 _t\r(important)_S 64 _t\r(and)_S 64 _t\r(expensive)_S 64 _t\r(it)_S 64 _t\r(will)_S 64 _t\r(be)_S 64 _t\r(to)_S 64 _t\r(acquire)_S 64 _t\r(staff)_S 64 _t\r(with)_S 64 _t\r(technical)_S 1020 9225 _m\r
(expertise)_S 64 _t\r(in)_S 64 _t\r(every)_S 64 _t\r(area.)_S /Helvetica-BoldR 580 _ff\r
1020 8675 _m\r
(3.2.1)_S 64 _t\r(Constituency)_S 64 _t\r(Communications)_S 64 _t\r(Issues)_S 1471 8299 _m\r
/Times-RomanR 580 _ff\r
(An)_S 64 _t\r(important)_S 64 _t\r(factor)_S 64 _t\r(in)_S 64 _t\r(choosing)_S 64 _t\r(a)_S 64 _t\r(constituency)_S 64 _t\r(is)_S 64 _t\r(whether)_S 64 _t\r(there)_S 64 _t\r(exists)_S 64 _t\r(a)_S 64 _t\r(means)_S 64 _t\r(by)_S 64 _t\r(which)_S 1020 8028 _m\r
(the)_S 64 _t\r(CSIRC)_S 64 _t\r(and)_S 64 _t\r(the)_S 64 _t\r(constituency)_S 64 _t\r(can)_S 64 _t\r(communicate)_S 64 _t\r(efficiently)_S 64 _t\r(and)_S 64 _t\r(rapidly,)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(a)_S 64 _t\r(centralized)_S 1020 7757 _m\r
(computer)_S 64 _t\r(network.)_S 128 _t\r(The)_S 64 _t\r(constituency)_S 64 _t\r(will)_S 64 _t\r(need)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(in)_S 64 _t\r(touch)_S 64 _t\r(with)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(to)_S 64 _t\r(effect)_S 64 _t\r(central-)_S 1020 7486 _m\r
(ized)_S 64 _t\r(reporting)_S 64 _t\r(of)_S 64 _t\r(incidents,)_S 64 _t\r(to)_S 64 _t\r(request)_S 64 _t\r(assistance,)_S 64 _t\r(or)_S 64 _t\r(to)_S 64 _t\r(request)_S 64 _t\r(information)_S 64 _t\r(about)_S 64 _t\r(relevant)_S 64 _t\r(aspects)_S 1020 7215 _m\r
(of)_S 64 _t\r(computer)_S 64 _t\r(security.)_S 128 _t\r(If)_S 64 _t\r(some)_S 64 _t\r(convenient)_S 64 _t\r(or)_S 64 _t\r(common)_S 64 _t\r(means)_S 64 _t\r(of)_S 64 _t\r(communication)_S 64 _t\r(is)_S 64 _t\r(not)_S 64 _t\r(available,)_S 1020 6944 _m\r
(other)_S 64 _t\r(means)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(facsimile)_S 64 _t\r(or)_S 64 _t\r(printed)_S 64 _t\r(information)_S 64 _t\r(disseminated)_S 64 _t\r(via)_S 64 _t\r(mail)_S 64 _t\r(could)_S 64 _t\r(suffice)_S 64 _t\r(or)_S 64 _t\r(could)_S 1020 6673 _m\r
(be)_S 64 _t\r(used)_S 64 _t\r(as)_S 64 _t\r(a)_S 64 _t\r(backup)_S 64 _t\r(measure)_S 64 _t\r(\(however,)_S 64 _t\r(the)_S 64 _t\r(CSIRC's)_S 64 _t\r(ability)_S 64 _t\r(to)_S 64 _t\r(respond)_S 64 _t\r(quickly)_S 64 _t\r(to)_S 64 _t\r(incidents)_S 1020 6402 _m\r
(would)_S 64 _t\r(be)_S 64 _t\r(curtailed\).)_S 128 _t\r(Another)_S 64 _t\r(issue)_S 64 _t\r(in)_S 64 _t\r(constituency)_S 64 _t\r(communications)_S 64 _t\r(is)_S 64 _t\r(whether)_S 64 _t\r(sensitive)_S 64 _t\r(or)_S 64 _t\r(clas-)_S 1020 6131 _m\r
(sified)_S 64 _t\r(information)_S 64 _t\r(will)_S 64 _t\r(be)_S 64 _t\r(communicated;)_S 64 _t\r(a)_S 64 _t\r(means)_S 64 _t\r(for)_S 64 _t\r(trusted)_S 64 _t\r(communications)_S 64 _t\r(might)_S 64 _t\r(be)_S 64 _t\r(required)_S 1020 5860 _m\r
(such)_S 64 _t\r(as)_S 64 _t\r(encryption)_S 64 _t\r(devices)_S 64 _t\r(or)_S 64 _t\r(STU-III)_S 64 _t\r(telephones.)_S /Helvetica-BoldR 580 _ff\r
1020 5310 _m\r
(3.2.2)_S 64 _t\r(Formal)_S 64 _t\r(and)_S 64 _t\r(Informal)_S 64 _t\r(Constituency)_S 1471 4932 _m\r
/Times-RomanR 580 _ff\r
(In)_S 64 _t\r(certain)_S 64 _t\r(situations,)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(will)_S 64 _t\r(serve)_S 64 _t\r(both)_S 64 _t\r(a)_S 64 _t\r/Times-ItalicR 580 _ff\r
(formal)_S /Times-RomanR 580 _ff\r
64 _t\r(and)_S 64 _t\r(an)_S 64 _t\r/Times-ItalicR 580 _ff\r
(informal)_S /Times-RomanR 580 _ff\r
64 _t\r(constituency.)_S 128 _t\r(The)_S 1020 4660 _m\r
(CSIR)_S 64 _t\r(goals)_S 64 _t\r(determine)_S 64 _t\r(the)_S 64 _t\r(formal)_S 64 _t\r(constituency,)_S 64 _t\r(for)_S 64 _t\r(example,)_S 64 _t\r(a)_S 64 _t\r(formal)_S 64 _t\r(constituency)_S 64 _t\r(of)_S 64 _t\r(microcom-)_S 1020 4389 _m\r
(puter)_S 64 _t\r(users)_S 64 _t\r(within)_S 64 _t\r(a)_S 64 _t\r(specified)_S 64 _t\r(agency.)_S 128 _t\r(However,)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(could)_S 64 _t\r(find)_S 64 _t\r(itself)_S 64 _t\r(serving)_S 64 _t\r(an)_S 64 _t\r(informal)_S 1020 4118 _m\r
(constituency)_S 64 _t\r(of)_S 64 _t\r(multi-user)_S 64 _t\r(system)_S 64 _t\r(users)_S 64 _t\r(from)_S 64 _t\r(the)_S 64 _t\r(same)_S 64 _t\r(agency,)_S 64 _t\r(microcomputer)_S 64 _t\r(users)_S 64 _t\r(from)_S 64 _t\r(other)_S 1020 3847 _m\r
(agencies,)_S 128 _t\r(agency)_S 64 _t\r(contractors,)_S 64 _t\r(or)_S 64 _t\r(users)_S 64 _t\r(from)_S 64 _t\r(the)_S 64 _t\r(general)_S 64 _t\r(public.)_S 128 _t\r(This)_S 64 _t\r(situation)_S 64 _t\r(might)_S 64 _t\r(arise)_S 64 _t\r(be-)_S 1020 3576 _m\r
(cause)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(has)_S 64 _t\r(become)_S 64 _t\r(well-known)_S 64 _t\r(and)_S 64 _t\r(may)_S 64 _t\r(be)_S 64 _t\r(the)_S 64 _t\r(only)_S 64 _t\r(such)_S 64 _t\r(capability)_S 64 _t\r(within)_S 64 _t\r(convenient)_S 1020 3305 _m\r
(reach)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(informal)_S 64 _t\r(constituency.)_S 128 _t\r(While)_S 64 _t\r(the)_S 64 _t\r(evolution)_S 64 _t\r(of)_S 64 _t\r(an)_S 64 _t\r(informal)_S 64 _t\r(constituency)_S 64 _t\r(can)_S 64 _t\r(be)_S 64 _t\r(a)_S 1020 3034 _m\r
(sign)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(CSIRC's)_S 64 _t\r(success)_S 64 _t\r(and)_S 64 _t\r(effectiveness,)_S 64 _t\r(it)_S 64 _t\r(can)_S 64 _t\r(also)_S 64 _t\r(cause)_S 64 _t\r(problems.)_S 128 _t\r(A)_S 64 _t\r(CSIRC)_S 64 _t\r(could)_S 64 _t\r(have)_S 1020 2763 _m\r
(difficulty)_S 64 _t\r(turning)_S 64 _t\r(down)_S 64 _t\r(requests)_S 64 _t\r(from)_S 64 _t\r(an)_S 64 _t\r(informal)_S 64 _t\r(constituency)_S 64 _t\r(and)_S 64 _t\r(thus)_S 64 _t\r(find)_S 64 _t\r(itself)_S 64 _t\r(overwhelmed)_S 1020 2492 _m\r
(with)_S 64 _t\r(work.)_S 128 _t\r(Also,)_S 64 _t\r(the)_S 64 _t\r(relations)_S 64 _t\r(between)_S 64 _t\r(agencies)_S 64 _t\r(could)_S 64 _t\r(be)_S 64 _t\r(disrupted)_S 64 _t\r(if,)_S 64 _t\r(for)_S 64 _t\r(example,)_S 64 _t\r(Agency)_S 64 _t\r(A's)_S 1020 2221 _m\r
(users)_S 64 _t\r(prefer)_S 64 _t\r(to)_S 64 _t\r(directly)_S 64 _t\r(contact)_S 64 _t\r(Agency)_S 64 _t\r(B's)_S 64 _t\r(CSIRC)_S 64 _t\r(instead)_S 64 _t\r(of)_S 64 _t\r(going)_S 64 _t\r(through)_S 64 _t\r(Agency)_S 64 _t\r(A's)_S 64 _t\r(own)_S 1020 1950 _m\r
(computer)_S 64 _t\r(security)_S 64 _t\r(channels.)_S 128 _t\r(Thus,)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(needs)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(aware)_S 64 _t\r(of)_S 64 _t\r(its)_S 64 _t\r(requirements)_S 64 _t\r(to)_S 64 _t\r(serve)_S 64 _t\r(its)_S 1020 1679 _m\r
(formal)_S 64 _t\r(constituency,)_S 64 _t\r(despite)_S 64 _t\r(pressures)_S 64 _t\r(from)_S 64 _t\r(other)_S 64 _t\r(communities.)_S /Helvetica-BoldR 700 _ff\r
4823 893 _m\r
/Times-RomanR 580 _ff\r
(10)_S /HelveticaR 700 _ff\r
_ep\r
_bp /HelveticaR 700 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
7489 12220 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /HelveticaR 700 _ff\r
1380 11534 _m\r
/Helvetica-BoldR 700 _ff\r
(3.3)_S 1831 11534 _m\r
(Determining)_S 78 _t\r(the)_S 78 _t\r(Structure)_S 78 _t\r(of)_S 78 _t\r(the)_S 78 _t\r(CSIRC)_S 78 _t\r(Effort)_S 1831 11120 _m\r
/Times-RomanR 580 _ff\r
(A)_S 64 _t\r(CSIRC)_S 64 _t\r(structure)_S 64 _t\r(can)_S 64 _t\r(take)_S 64 _t\r(different)_S 64 _t\r(forms,)_S 64 _t\r(depending)_S 64 _t\r(on)_S 64 _t\r(agency)_S 64 _t\r(size,)_S 64 _t\r(its)_S 64 _t\r(diversity)_S 64 _t\r(of)_S 64 _t\r(tech-)_S 1380 10849 _m\r
(nologies,)_S 64 _t\r(and)_S 64 _t\r(its)_S 64 _t\r(geographical)_S 64 _t\r(locations.)_S 128 _t\r(When)_S 64 _t\r(determining)_S 64 _t\r(a)_S 64 _t\r(structure,)_S 64 _t\r(keep)_S 64 _t\r(in)_S 64 _t\r(mind)_S 64 _t\r(the)_S 64 _t\r(objec-)_S 1380 10578 _m\r
(tives)_S 64 _t\r(of)_S 64 _t\r(centralized)_S 64 _t\r(response)_S 64 _t\r(and)_S 64 _t\r(avoiding)_S 64 _t\r(duplication)_S 64 _t\r(of)_S 64 _t\r(effort.)_S 128 _t\r(From)_S 64 _t\r(there,)_S 64 _t\r(much)_S 64 _t\r(will)_S 64 _t\r(depend)_S 1380 10307 _m\r
(on)_S 64 _t\r(the)_S 64 _t\r(size)_S 64 _t\r(and)_S 64 _t\r(diversity)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(constituency)_S 64 _t\r(and)_S 64 _t\r(existing)_S 64 _t\r(reporting)_S 64 _t\r(and)_S 64 _t\r(security)_S 64 _t\r(practices)_S 64 _t\r(at)_S 64 _t\r(the)_S 1380 10036 _m\r
(agency.)_S 128 _t\r(Although)_S 64 _t\r(there)_S 64 _t\r(are)_S 64 _t\r(many)_S 64 _t\r(suitable)_S 64 _t\r(structures)_S 64 _t\r(for)_S 64 _t\r(a)_S 64 _t\r(CSIRC,)_S 64 _t\r(the)_S 64 _t\r(following)_S 64 _t\r(paragraphs)_S 64 _t\r(de-)_S 1380 9765 _m\r
(scribe)_S 64 _t\r(two)_S 64 _t\r(general)_S 64 _t\r(approaches.)_S /Helvetica-BoldR 580 _ff\r
1380 9215 _m\r
(3.3.1)_S 64 _t\r(Centralized,)_S 64 _t\r(Distinct)_S 64 _t\r(Organization)_S 1831 8839 _m\r
/Times-RomanR 580 _ff\r
(Certain)_S 64 _t\r(environments)_S 64 _t\r(may)_S 64 _t\r(find)_S 64 _t\r(it)_S 64 _t\r(most)_S 64 _t\r(practical)_S 64 _t\r(to)_S 64 _t\r(utilize)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(that)_S 64 _t\r(is)_S 64 _t\r(separate)_S 64 _t\r(from)_S 64 _t\r(the)_S 1380 8568 _m\r
(agency)_S 64 _t\r(reporting)_S 64 _t\r(structure.)_S 128 _t\r(The)_S 64 _t\r(CSIRC)_S 64 _t\r(may)_S 64 _t\r(operate)_S 64 _t\r(in)_S 64 _t\r(conjunction)_S 64 _t\r(with)_S 64 _t\r(existing)_S 64 _t\r(security)_S 64 _t\r(efforts,)_S 1380 8297 _m\r
(but)_S 64 _t\r(physically)_S 64 _t\r(may)_S 64 _t\r(be)_S 64 _t\r(a)_S 64 _t\r(separate)_S 64 _t\r(group)_S 64 _t\r(that)_S 64 _t\r(can)_S 64 _t\r(be)_S 64 _t\r(contacted)_S 64 _t\r(directly)_S 64 _t\r(by)_S 64 _t\r(agency)_S 64 _t\r(users.)_S 128 _t\r(This)_S 64 _t\r(ap-)_S 1380 8026 _m\r
(proach)_S 64 _t\r(results)_S 64 _t\r(in)_S 64 _t\r(a)_S 64 _t\r(highly)_S 64 _t\r(centralized)_S 64 _t\r(CSIRC)_S 64 _t\r(which)_S 64 _t\r(is)_S 64 _t\r(most)_S 64 _t\r(feasible)_S 64 _t\r(when)_S 64 _t\r(the)_S 64 _t\r(constituency)_S 64 _t\r(is)_S 1380 7755 _m\r
(aligned)_S 64 _t\r(along)_S 64 _t\r(a)_S 64 _t\r(centralized)_S 64 _t\r(communications)_S 64 _t\r(network.)_S 1831 7213 _m\r
(Several)_S 64 _t\r(working)_S 64 _t\r(models)_S 64 _t\r(for)_S 64 _t\r(centralized)_S 64 _t\r(and)_S 64 _t\r(distinct)_S 64 _t\r(CSIRC)_S 64 _t\r(activities)_S 64 _t\r(exist)_S 64 _t\r/Times-RomanR 450 _ff\r
([PETHIA90])_S /Times-RomanR 580 _ff\r
(,)_S 1380 6942 _m\r
/Times-RomanR 450 _ff\r
([SCHULTZ90])_S /Times-RomanR 580 _ff\r
(.)_S 128 _t\r(In)_S 64 _t\r(the)_S 64 _t\r(case)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(CERT/CC)_S 64 _t\r(and)_S 64 _t\r(DOE's)_S 64 _t\r(CIAC,)_S 64 _t\r(DARPA)_S 64 _t\r(and)_S 64 _t\r(DOE)_S 64 _t\r(respectively)_S 1380 6671 _m\r
(have)_S 64 _t\r(created)_S 64 _t\r(new)_S 64 _t\r(organizations)_S 64 _t\r(as)_S 64 _t\r(opposed)_S 64 _t\r(to)_S 64 _t\r(augmenting)_S 64 _t\r(existing)_S 64 _t\r(ones.)_S 128 _t\r(Although)_S 64 _t\r(the)_S 64 _t\r(two)_S 64 _t\r(orga-)_S 1380 6400 _m\r
(nizations)_S 64 _t\r(are)_S 64 _t\r(different,)_S 64 _t\r(they)_S 64 _t\r(share)_S 64 _t\r(the)_S 64 _t\r(same)_S 64 _t\r(characteristics)_S 64 _t\r(of)_S 64 _t\r(being)_S 64 _t\r(highly)_S 64 _t\r(centralized,)_S 64 _t\r(they)_S 64 _t\r(oper-)_S 1380 6129 _m\r
(ate)_S 64 _t\r(without)_S 64 _t\r(authority)_S 64 _t\r(to)_S 64 _t\r(enforce)_S 64 _t\r(policies,)_S 64 _t\r(and)_S 64 _t\r(they)_S 64 _t\r(are)_S 64 _t\r(relatively)_S 64 _t\r(small)_S 64 _t\r(in)_S 64 _t\r(size.)_S 128 _t\r(Yet)_S 64 _t\r(by)_S 64 _t\r(virtue)_S 64 _t\r(of)_S 1380 5858 _m\r
(centralization,)_S 64 _t\r(they)_S 64 _t\r(are)_S 64 _t\r(able)_S 64 _t\r(to)_S 64 _t\r(meet)_S 64 _t\r(the)_S 64 _t\r(needs)_S 64 _t\r(of)_S 64 _t\r(very)_S 64 _t\r(large)_S 64 _t\r(constituencies.)_S 1831 5316 _m\r
(This)_S 64 _t\r(model)_S 64 _t\r(can)_S 64 _t\r(be)_S 64 _t\r(reworked)_S 64 _t\r(in)_S 64 _t\r(many)_S 64 _t\r(ways)_S 64 _t\r(to)_S 64 _t\r(fit)_S 64 _t\r(different)_S 64 _t\r(circumstances.)_S 128 _t\r(An)_S 64 _t\r(agency)_S 64 _t\r(or)_S 1380 5045 _m\r
(site)_S 64 _t\r(may)_S 64 _t\r(be)_S 64 _t\r(able)_S 64 _t\r(to)_S 64 _t\r(augment)_S 64 _t\r(an)_S 64 _t\r(existing)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(group)_S 64 _t\r(with)_S 64 _t\r(CSIR)_S 64 _t\r(capabilities,)_S 64 _t\r(such)_S 1380 4774 _m\r
(that)_S 64 _t\r(the)_S 64 _t\r(group)_S 64 _t\r(can)_S 64 _t\r(operate)_S 64 _t\r(as)_S 64 _t\r(a)_S 64 _t\r(discrete)_S 64 _t\r(unit)_S 64 _t\r(for)_S 64 _t\r(the)_S 64 _t\r(location.)_S 128 _t\r(For)_S 64 _t\r(certain)_S 64 _t\r(environments,)_S 64 _t\r(this)_S 64 _t\r(ap-)_S 1380 4503 _m\r
(proach)_S 64 _t\r(is)_S 64 _t\r(more)_S 64 _t\r(cost-effective)_S 64 _t\r(as)_S 64 _t\r(much)_S 64 _t\r(duplication)_S 64 _t\r(of)_S 64 _t\r(effort)_S 64 _t\r(is)_S 64 _t\r(avoided)_S 64 _t\r(and)_S 64 _t\r(centralized)_S 64 _t\r(reporting)_S 64 _t\r(is)_S 1380 4232 _m\r
(rendered)_S 64 _t\r(less)_S 64 _t\r(complicated.)_S 128 _t\r(Additionally,)_S 64 _t\r(this)_S 64 _t\r(structure)_S 64 _t\r(lends)_S 64 _t\r(itself)_S 64 _t\r(to)_S 64 _t\r(a)_S 64 _t\r(contracted)_S 64 _t\r(activity)_S 64 _t\r(if)_S 1380 3961 _m\r
(agency)_S 64 _t\r(expertise)_S 64 _t\r(is)_S 64 _t\r(not)_S 64 _t\r(available.)_S /Helvetica-BoldR 580 _ff\r
1380 3411 _m\r
(3.3.2)_S 64 _t\r(Decentralized,)_S 64 _t\r(Distributed)_S 64 _t\r(Organization)_S 1831 3035 _m\r
/Times-RomanR 580 _ff\r
(For)_S 64 _t\r(a)_S 64 _t\r(variety)_S 64 _t\r(of)_S 64 _t\r(reasons,)_S 64 _t\r(certain)_S 64 _t\r(environments)_S 64 _t\r(may)_S 64 _t\r(find)_S 64 _t\r(it)_S 64 _t\r(difficult)_S 64 _t\r(or)_S 64 _t\r(impractical)_S 64 _t\r(to)_S 64 _t\r(create)_S 64 _t\r(a)_S 1380 2764 _m\r
(CSIRC)_S 64 _t\r(that)_S 64 _t\r(is)_S 64 _t\r(separate)_S 64 _t\r(from)_S 64 _t\r(the)_S 64 _t\r(agency)_S 64 _t\r(reporting)_S 64 _t\r(structure)_S 64 _t\r(or)_S 64 _t\r(that)_S 64 _t\r(is)_S 64 _t\r(centralized)_S 64 _t\r(into)_S 64 _t\r(a)_S 64 _t\r(separate)_S 1380 2493 _m\r
(group.)_S 128 _t\r(For)_S 64 _t\r(example,)_S 64 _t\r(the)_S 64 _t\r(sensitivity)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(agency's)_S 64 _t\r(operations)_S 64 _t\r(may)_S 64 _t\r(make)_S 64 _t\r(it)_S 64 _t\r(difficult)_S 64 _t\r(to)_S 64 _t\r(relinquish)_S 1380 2222 _m\r
(any)_S 64 _t\r(control)_S 64 _t\r(to)_S 64 _t\r(one)_S 64 _t\r(CSIRC)_S 64 _t\r(activity.)_S 128 _t\r(Or,)_S 64 _t\r(the)_S 64 _t\r(diversity)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(technology)_S 64 _t\r(and)_S 64 _t\r(resultant)_S 64 _t\r(constituen-)_S 1380 1951 _m\r
(cies)_S 64 _t\r(may)_S 64 _t\r(require)_S 64 _t\r(a)_S 64 _t\r(less)_S 64 _t\r(unified)_S 64 _t\r(approach.)_S 128 _t\r(The)_S 64 _t\r(existence)_S 64 _t\r(of)_S 64 _t\r(certain)_S 64 _t\r(reporting)_S 64 _t\r(and)_S 64 _t\r(communications)_S 1380 1680 _m\r
(structures)_S 64 _t\r(may)_S 64 _t\r(also)_S 64 _t\r(make)_S 64 _t\r(it)_S 64 _t\r(more)_S 64 _t\r(feasible)_S 64 _t\r(for)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(activity)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(distributed)_S 64 _t\r(among)_S 64 _t\r(several)_S 1380 1409 _m\r
(locations)_S 64 _t\r(and)_S 64 _t\r(levels)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(agency.)_S 5183 893 _m\r
(11)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
1020 12223 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
1471 11578 _m\r
(As)_S 64 _t\r(an)_S 64 _t\r(example,)_S 64 _t\r(an)_S 64 _t\r(agency)_S 64 _t\r(could)_S 64 _t\r(augment)_S 64 _t\r(existing)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(capabilities,)_S 64 _t\r(such)_S 64 _t\r(as)_S 1020 11307 _m\r
(help)_S 64 _t\r(desks)_S 64 _t\r(or)_S 64 _t\r(site)_S 64 _t\r(security)_S 64 _t\r(offices,)_S 64 _t\r(with)_S 64 _t\r(CSIR)_S 64 _t\r(capability.)_S 128 _t\r(Each)_S 64 _t\r(resultant)_S 64 _t\r(CSIRC)_S 64 _t\r(would)_S 64 _t\r(specialize)_S 1020 11036 _m\r
(in)_S 64 _t\r(the)_S 64 _t\r(needs)_S 64 _t\r(of)_S 64 _t\r(its)_S 64 _t\r(local)_S 64 _t\r(constituency.)_S 128 _t\r(However,)_S 64 _t\r(if)_S 64 _t\r(the)_S 64 _t\r(agency)_S 64 _t\r(is)_S 64 _t\r(large,)_S 64 _t\r(many)_S 64 _t\r(such)_S 64 _t\r(CSIRCs)_S 64 _t\r(might)_S 1020 10765 _m\r
(be)_S 64 _t\r(required,)_S 64 _t\r(all)_S 64 _t\r(needing)_S 64 _t\r(to)_S 64 _t\r(report)_S 64 _t\r(to)_S 64 _t\r(a)_S 64 _t\r(centralized)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(capability.)_S 128 _t\r(The)_S 64 _t\r(centralized)_S 1020 10494 _m\r
(capability)_S 64 _t\r(may)_S 64 _t\r(not)_S 64 _t\r(require)_S 64 _t\r(any)_S 64 _t\r(incident)_S 64 _t\r(handling)_S 64 _t\r(expertise,)_S 64 _t\r(but)_S 64 _t\r(would)_S 64 _t\r(minimally)_S 64 _t\r(log)_S 64 _t\r(all)_S 64 _t\r(incidents)_S 1020 10223 _m\r
(and)_S 64 _t\r(facilitate)_S 64 _t\r(communications)_S 64 _t\r(among)_S 64 _t\r(the)_S 64 _t\r(lower-level)_S 64 _t\r(CSIRCs;)_S 64 _t\r(it)_S 64 _t\r(could)_S 64 _t\r(also)_S 64 _t\r(coordinate)_S 64 _t\r(contacts)_S 1020 9952 _m\r
(with)_S 64 _t\r(investigative)_S 64 _t\r(agencies)_S 64 _t\r(and)_S 64 _t\r(the)_S 64 _t\r(press.)_S 128 _t\r(Existing)_S 64 _t\r(management)_S 64 _t\r(structures)_S 64 _t\r(could)_S 64 _t\r(be)_S 64 _t\r(used)_S 64 _t\r(to)_S 64 _t\r(bub-)_S 1020 9681 _m\r
(ble)_S 64 _t\r(information)_S 64 _t\r(up)_S 64 _t\r(and)_S 64 _t\r(down)_S 64 _t\r(throughout)_S 64 _t\r(the)_S 64 _t\r(agency)_S 64 _t\r/Times-RomanR 450 _ff\r
([FEDELI91])_S /Times-RomanR 580 _ff\r
(.)_S 128 _t\r(This)_S 64 _t\r(model)_S 64 _t\r(may)_S 64 _t\r(work)_S 64 _t\r(well)_S 64 _t\r(in)_S 1020 9410 _m\r
(certain)_S 64 _t\r(environments,)_S 64 _t\r(but)_S 64 _t\r(could)_S 64 _t\r(also)_S 64 _t\r(result)_S 64 _t\r(in)_S 64 _t\r(some)_S 64 _t\r(duplication)_S 64 _t\r(of)_S 64 _t\r(effort)_S 64 _t\r(and)_S 64 _t\r(prevent)_S 64 _t\r(incidents)_S 1020 9139 _m\r
(from)_S 64 _t\r(being)_S 64 _t\r(handled)_S 64 _t\r(in)_S 64 _t\r(a)_S 64 _t\r(timely)_S 64 _t\r(manner.)_S 1471 8597 _m\r
(In)_S 64 _t\r(summary,)_S 64 _t\r(it)_S 64 _t\r(is)_S 64 _t\r(difficult)_S 64 _t\r(to)_S 64 _t\r(prescribe)_S 64 _t\r(one)_S 64 _t\r(best)_S 64 _t\r(structure,)_S 64 _t\r(as)_S 64 _t\r(each)_S 64 _t\r(agency)_S 64 _t\r(has)_S 64 _t\r(different)_S 64 _t\r(re-)_S 1020 8326 _m\r
(quirements.)_S 128 _t\r(The)_S 64 _t\r(objectives)_S 64 _t\r(and)_S 64 _t\r(goals)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(CSIR)_S 64 _t\r(effort)_S 64 _t\r(may)_S 64 _t\r(have)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(adjusted)_S 64 _t\r(somewhat)_S 64 _t\r(with)_S 1020 8055 _m\r
(existing)_S 64 _t\r(practices)_S 64 _t\r(and)_S 64 _t\r(the)_S 64 _t\r(nature)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(agency;)_S 64 _t\r(however)_S 64 _t\r(too)_S 64 _t\r(much)_S 64 _t\r(compromise)_S 64 _t\r(could)_S 64 _t\r(result)_S 64 _t\r(in)_S 64 _t\r(an)_S 1020 7784 _m\r
(unwieldy)_S 64 _t\r(approach)_S 64 _t\r(that)_S 64 _t\r(may)_S 64 _t\r(prove)_S 64 _t\r(inefficient)_S 64 _t\r(and)_S 64 _t\r(too)_S 64 _t\r(expensive.)_S /Helvetica-BoldR 700 _ff\r
1020 7154 _m\r
(3.4)_S 1471 7154 _m\r
(Management)_S 78 _t\r(Support)_S 78 _t\r(and)_S 78 _t\r(Funding)_S 1471 6740 _m\r
/Times-RomanR 580 _ff\r
(The)_S 64 _t\r(establishment)_S 64 _t\r(and)_S 64 _t\r(operation)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(requires)_S 64 _t\r(significant)_S 64 _t\r(time)_S 64 _t\r(and)_S 64 _t\r(resources.)_S 128 _t\r(With-)_S 1020 6469 _m\r
(out)_S 64 _t\r(proper)_S 64 _t\r(support)_S 64 _t\r(from)_S 64 _t\r(management)_S 64 _t\r(for)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(effort)_S 64 _t\r(and)_S 64 _t\r(for)_S 64 _t\r(policies)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(centralized)_S 1020 6198 _m\r
(reporting,)_S 64 _t\r(an)_S 64 _t\r(effective)_S 64 _t\r(CSIRC)_S 64 _t\r(is)_S 64 _t\r(not)_S 64 _t\r(possible.)_S 128 _t\r(Furthermore,)_S 64 _t\r(a)_S 64 _t\r("rogue")_S 64 _t\r(CSIRC)_S 64 _t\r(may)_S 64 _t\r(cause)_S 64 _t\r(an)_S 1020 5927 _m\r
(agency)_S 64 _t\r(more)_S 64 _t\r(harm)_S 64 _t\r(that)_S 64 _t\r(good)_S 64 _t\r(and)_S 64 _t\r(reduce)_S 64 _t\r(the)_S 64 _t\r(likelihood)_S 64 _t\r(of)_S 64 _t\r(funding)_S 64 _t\r(for)_S 64 _t\r(an)_S 64 _t\r(approved)_S 64 _t\r(CSIRC.)_S /Helvetica-BoldR 580 _ff\r
1020 5377 _m\r
(3.4.1)_S 64 _t\r(Funding)_S 64 _t\r(and)_S 64 _t\r(Staffing)_S 64 _t\r(Issues)_S 1471 5001 _m\r
/Times-RomanR 580 _ff\r
(A)_S 64 _t\r(CSIRC)_S 64 _t\r(requires)_S 64 _t\r(two)_S 64 _t\r(types)_S 64 _t\r(of)_S 64 _t\r(funding:)_S 64 _t\r(start-up)_S 64 _t\r(and)_S 64 _t\r(continued)_S 64 _t\r(funding.)_S 128 _t\r(Start-up)_S 64 _t\r(funding)_S 1020 4730 _m\r
(includes)_S 64 _t\r(items)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(computer)_S 64 _t\r(equipment,)_S 64 _t\r(new)_S 64 _t\r(hires,)_S 64 _t\r(communications)_S 64 _t\r(facilities,)_S 64 _t\r(and)_S 64 _t\r(offices.)_S 64 _t\r1020 4459 _m\r
(Continued)_S 64 _t\r(funding)_S 64 _t\r(includes)_S 64 _t\r(items)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(salary)_S 64 _t\r(growth,)_S 64 _t\r(inflation,)_S 64 _t\r(travel,)_S 64 _t\r(workshop)_S 64 _t\r(and)_S 64 _t\r(resource)_S 1020 4188 _m\r
(center)_S 64 _t\r(expenses,)_S 64 _t\r(and)_S 64 _t\r(equipment)_S 64 _t\r(maintenance.)_S 1471 3646 _m\r
(A)_S 64 _t\r(CSIRC)_S 64 _t\r(plan)_S 64 _t\r(might)_S 64 _t\r(calls)_S 64 _t\r(for)_S 64 _t\r(at)_S 64 _t\r(least)_S 64 _t\r(one)_S 64 _t\r(manager)_S 64 _t\r(and)_S 64 _t\r(one)_S 64 _t\r(or)_S 64 _t\r(more)_S 64 _t\r(technical)_S 64 _t\r(staff)_S 64 _t\r(mem-)_S 1020 3375 _m\r
(bers.)_S 128 _t\r(A)_S 64 _t\r(basic)_S 64 _t\r(level)_S 64 _t\r(of)_S 64 _t\r(staffing)_S 64 _t\r(is)_S 64 _t\r(required)_S 64 _t\r(to)_S 64 _t\r(accomplish)_S 64 _t\r(all)_S 64 _t\r(goals)_S 64 _t\r(and)_S 64 _t\r(avoid)_S 64 _t\r(burn-out.)_S 128 _t\r(Since)_S 64 _t\r(it)_S 1020 3104 _m\r
(may)_S 64 _t\r(be)_S 64 _t\r(difficult)_S 64 _t\r(to)_S 64 _t\r(identify)_S 64 _t\r(all)_S 64 _t\r(staffing)_S 64 _t\r(costs)_S 64 _t\r(at)_S 64 _t\r(the)_S 64 _t\r(outset,)_S 64 _t\r(the)_S 64 _t\r(following)_S 64 _t\r(year's)_S 64 _t\r(funding)_S 64 _t\r(estimates)_S 1020 2833 _m\r
(should)_S 64 _t\r(account)_S 64 _t\r(for)_S 64 _t\r(possible)_S 64 _t\r(growth)_S 64 _t\r(in)_S 64 _t\r(staff.)_S 1471 2291 _m\r
(Management)_S 64 _t\r(should)_S 64 _t\r(be)_S 64 _t\r(presented)_S 64 _t\r(with)_S 64 _t\r(several)_S 64 _t\r(alternative)_S 64 _t\r(CSIRC)_S 64 _t\r(configurations,)_S 64 _t\r(with)_S 64 _t\r(their)_S 1020 2020 _m\r
(respective)_S 64 _t\r(funding)_S 64 _t\r(and)_S 64 _t\r(staffing)_S 64 _t\r(estimates.)_S 128 _t\r(For)_S 64 _t\r(example,)_S 64 _t\r(a)_S 64 _t\r(full)_S 64 _t\r(CSIRC)_S 64 _t\r(effort)_S 64 _t\r(could)_S 64 _t\r(be)_S 64 _t\r(scaled)_S 64 _t\r(back)_S 1020 1749 _m\r
(and)_S 64 _t\r(presented)_S 64 _t\r(as)_S 64 _t\r(an)_S 64 _t\r(alternative,)_S 64 _t\r(with)_S 64 _t\r(the)_S 64 _t\r(appropriate)_S 64 _t\r(trade-offs)_S 64 _t\r(noted.)_S 4823 893 _m\r
(12)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
/HelveticaR 580 _ff\r
7489 12220 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /HelveticaR 580 _ff\r
1380 11565 _m\r
/Helvetica-BoldR 580 _ff\r
(3.4.2)_S 64 _t\r(Effecting)_S 64 _t\r(Centralized)_S 64 _t\r(Reporting)_S 64 _t\r(of)_S 64 _t\r(Incidents)_S 1831 11189 _m\r
/Times-RomanR 580 _ff\r
(Once)_S 64 _t\r(management)_S 64 _t\r(support)_S 64 _t\r(for)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(is)_S 64 _t\r(established,)_S 64 _t\r(agency)_S 64 _t\r(officials)_S 64 _t\r(need)_S 64 _t\r(to)_S 64 _t\r(issue)_S 64 _t\r(poli-)_S 1380 10918 _m\r
(cies)_S 64 _t\r(to)_S 64 _t\r(direct)_S 64 _t\r(the)_S 64 _t\r(reporting)_S 64 _t\r(of)_S 64 _t\r(computer)_S 64 _t\r(security-related)_S 64 _t\r(problems)_S 64 _t\r(to)_S 64 _t\r(a)_S 64 _t\r(central)_S 64 _t\r(point)_S 64 _t\r(of)_S 64 _t\r(contact,)_S 1380 10647 _m\r
(such)_S 64 _t\r(as)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(hotline)_S 64 _t\r(or)_S 64 _t\r(e-mail)_S 64 _t\r(address.)_S 128 _t\r(Centralized)_S 64 _t\r(reporting)_S 64 _t\r(is)_S 64 _t\r(vital)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(CSIRC's)_S 64 _t\r(abili-)_S 1380 10376 _m\r
(ty)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(effective;)_S 64 _t\r(if)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(is)_S 64 _t\r(a)_S 64 _t\r(single)_S 64 _t\r(point)_S 64 _t\r(of)_S 64 _t\r(contact)_S 64 _t\r(for)_S 64 _t\r(its)_S 64 _t\r(constituency,)_S 64 _t\r(it)_S 64 _t\r(is)_S 64 _t\r(then)_S 64 _t\r(possible)_S 1380 10105 _m\r
(to)_S 64 _t\r(respond)_S 64 _t\r(to)_S 64 _t\r(all)_S 64 _t\r(incidents)_S 64 _t\r(and)_S 64 _t\r(to)_S 64 _t\r(determine)_S 64 _t\r(whether)_S 64 _t\r(incidents)_S 64 _t\r(are)_S 64 _t\r(related.)_S 128 _t\r(With)_S 64 _t\r(centralized)_S 64 _t\r(re-)_S 1380 9834 _m\r
(porting,)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(can)_S 64 _t\r(also)_S 64 _t\r(develop)_S 64 _t\r(accurate)_S 64 _t\r(statistics)_S 64 _t\r(on)_S 64 _t\r(the)_S 64 _t\r(size,)_S 64 _t\r(nature,)_S 64 _t\r(and)_S 64 _t\r(extent)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(securi-)_S 1380 9563 _m\r
(ty)_S 64 _t\r(problems)_S 64 _t\r(within)_S 64 _t\r(the)_S 64 _t\r(agency.)_S /Helvetica-BoldR 700 _ff\r
1380 8933 _m\r
(3.5)_S 1831 8933 _m\r
(Creating)_S 78 _t\r(a)_S 78 _t\r(Charter)_S 1831 8519 _m\r
/Times-RomanR 580 _ff\r
(Incident)_S 64 _t\r(response)_S 64 _t\r(is)_S 64 _t\r(fraught)_S 64 _t\r(with)_S 64 _t\r(many)_S 64 _t\r(difficulties)_S 64 _t\r(that)_S 64 _t\r(arise)_S 64 _t\r(out)_S 64 _t\r(of)_S 64 _t\r(confusion)_S 64 _t\r(over)_S 64 _t\r(roles)_S 64 _t\r(and)_S 1380 8248 _m\r
(responsibilities.)_S 128 _t\r(A)_S 64 _t\r(charter)_S 64 _t\r(helps)_S 64 _t\r(to)_S 64 _t\r(resolve)_S 64 _t\r(these)_S 64 _t\r(conflicts)_S 64 _t\r(as)_S 64 _t\r(well)_S 64 _t\r(as)_S 64 _t\r(other)_S 64 _t\r(turf)_S 64 _t\r(issues)_S 64 _t\r(that)_S 64 _t\r(arise.)_S 64 _t\r1380 7977 _m\r
(The)_S 64 _t\r(charter)_S 64 _t\r(is)_S 64 _t\r(a)_S 64 _t\r(statement)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(CSIRC's)_S 64 _t\r(purpose)_S 64 _t\r(and)_S 64 _t\r(function.)_S 128 _t\r(It)_S 64 _t\r(represents)_S 64 _t\r(management's)_S 1380 7706 _m\r
(acknowledgment)_S 64 _t\r(and)_S 64 _t\r(approval)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(effort.)_S 128 _t\r(The)_S 64 _t\r(charter)_S 64 _t\r(lists)_S 64 _t\r(the)_S 64 _t\r(requirements)_S 64 _t\r(that)_S 64 _t\r(the)_S 1380 7435 _m\r
(CSIRC)_S 64 _t\r(must)_S 64 _t\r(satisfy)_S 64 _t\r(and)_S 64 _t\r(lays)_S 64 _t\r(out)_S 64 _t\r(the)_S 64 _t\r(boundaries)_S 64 _t\r(or)_S 64 _t\r(scope)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(effort.)_S 128 _t\r(It)_S 64 _t\r(should)_S 64 _t\r(be)_S 64 _t\r(made)_S 1380 7164 _m\r
(available)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(agency)_S 64 _t\r(for)_S 64 _t\r(use)_S 64 _t\r(as)_S 64 _t\r(a)_S 64 _t\r(reference.)_S /Helvetica-BoldR 580 _ff\r
1380 6614 _m\r
(3.5.1)_S 64 _t\r(Legal)_S 64 _t\r(Issues)_S 64 _t\r(in)_S 64 _t\r(Determining)_S 64 _t\r(a)_S 64 _t\r(Charter)_S 1831 6238 _m\r
/Times-RomanR 450 _ff\r
([STEWART89])_S /Times-RomanR 580 _ff\r
64 _t\r(notes)_S 64 _t\r(that)_S 64 _t\r(CSIRC)_S 64 _t\r(activity)_S 64 _t\r(raises)_S 64 _t\r(several)_S 64 _t\r(legal)_S 64 _t\r(issues,)_S 64 _t\r(mostly)_S 64 _t\r(involving)_S 64 _t\r(liabili-)_S 1380 5967 _m\r
(ties)_S 64 _t\r(that)_S 64 _t\r(may)_S 64 _t\r(be)_S 64 _t\r(incurred)_S 64 _t\r(as)_S 64 _t\r(a)_S 64 _t\r(result)_S 64 _t\r(of)_S 64 _t\r(intentional,)_S 64 _t\r(reckless)_S 64 _t\r(or)_S 64 _t\r(negligent)_S 64 _t\r(conduct)_S 64 _t\r(on)_S 64 _t\r(the)_S 64 _t\r(part)_S 64 _t\r(of)_S 1380 5696 _m\r
(the)_S 64 _t\r(CSIRC)_S 64 _t\r(that)_S 64 _t\r(could)_S 64 _t\r(cause)_S 64 _t\r(injury)_S 64 _t\r(to)_S 64 _t\r(another)_S 64 _t\r(party.)_S /Times-RomanR 350 _ff\r
5474 5776 _m\r
(3)_S 5532 5776 _m\r
/Times-RomanR 580 _ff\r
5532 5696 _m\r
128 _t\r(Even)_S 64 _t\r(though)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(is)_S 64 _t\r(performing)_S 64 _t\r(a)_S 1380 5425 _m\r
(useful)_S 64 _t\r(service,)_S 64 _t\r(it)_S 64 _t\r(may)_S 64 _t\r(be)_S 64 _t\r(liable)_S 64 _t\r(to)_S 64 _t\r(software)_S 64 _t\r(vendors,)_S 64 _t\r(users,)_S 64 _t\r(or)_S 64 _t\r(others)_S 64 _t\r(if)_S 64 _t\r(it)_S 64 _t\r(performs)_S 64 _t\r(its)_S 64 _t\r(work)_S 64 _t\r(negli-)_S 1380 4868 _m\r
_U 3780 4868 _m\r
_u 1380 4528 _m\r
64 _t\r64 _t\r64 _t\r64 _t\r64 _t\r/Times-RomanR 350 _ff\r
1700 4608 _m\r
(3)_S 1758 4608 _m\r
/Times-RomanR 475 _ff\r
1758 4528 _m\r
([STEWART89])_S 56 _t\r(is)_S 56 _t\r(oriented)_S 56 _t\r(towards)_S 56 _t\r(those)_S 56 _t\r(who)_S 56 _t\r(would)_S 56 _t\r(establish)_S 56 _t\r/Times-ItalicR 475 _ff\r
(Computer)_S 56 _t\r(Security)_S 56 _t\r(Response)_S 56 _t\r(Centers)_S /Times-RomanR 475 _ff\r
56 _t\r(\(CSRCs\))_S 56 _t\r(for)_S 1380 4327 _m\r
(the)_S 54 _t\r(Internet;)_S 54 _t\r(it)_S 54 _t\r(does)_S 55 _t\r(not)_S 54 _t\r(purport)_S 54 _t\r(to)_S 54 _t\r(provide)_S 54 _t\r(definitive)_S 54 _t\r(legal)_S 55 _t\r(advice.)_S 108 _t\r(It)_S 55 _t\r(states)_S 54 _t\r(that)_S 54 _t\r(the)_S 54 _t\r(implementation)_S 54 _t\r(of)_S 54 _t\r(a)_S 55 _t\r(CSRC)_S 54 _t\r(raises)_S 54 _t\r(a)_S 1380 4136 _m\r
(number)_S 53 _t\r(of)_S 53 _t\r(legal)_S 53 _t\r(issues,)_S 53 _t\r(including)_S 53 _t\r(the)_S 53 _t\r(following:)_S 1831 3945 _m\r
(\267)_S 2003 3945 _m\r
(What)_S 64 _t\r(is)_S 64 _t\r(a)_S 64 _t\r(CSRC's)_S 63 _t\r(liability)_S 64 _t\r(if,)_S 64 _t\r(having)_S 64 _t\r(undertaken)_S 63 _t\r(to)_S 64 _t\r(assist)_S 64 _t\r(in)_S 64 _t\r(the)_S 63 _t\r(protection)_S 64 _t\r(of)_S 64 _t\r(Internet,)_S 64 _t\r(it)_S 63 _t\r(fails)_S 64 _t\r(to)_S 64 _t\r(do)_S 64 _t\r(so)_S 63 _t\r(and)_S 2003 3773 _m\r
(someone)_S 53 _t\r(is)_S 53 _t\r(harmed)_S 53 _t\r(as)_S 53 _t\r(a)_S 53 _t\r(result?)_S 1831 3582 _m\r
(\267)_S 2003 3582 _m\r
(What)_S 53 _t\r(is)_S 53 _t\r(a)_S 53 _t\r(CSRC's)_S 53 _t\r(liability)_S 53 _t\r(if)_S 52 _t\r(it)_S 53 _t\r(reports)_S 53 _t\r(a)_S 53 _t\r(software)_S 52 _t\r(bug)_S 53 _t\r(to)_S 53 _t\r(a)_S 53 _t\r(publisher)_S 52 _t\r(or)_S 53 _t\r(to)_S 53 _t\r(users)_S 53 _t\r(and)_S 53 _t\r(the)_S 52 _t\r(bug)_S 53 _t\r(does)_S 53 _t\r(not,)_S 53 _t\r(in)_S 52 _t\r(fact,)_S 2003 3410 _m\r
(exist?)_S 1831 3219 _m\r
(\267)_S 2003 3219 _m\r
(How)_S 53 _t\r(should)_S 53 _t\r(legal)_S 53 _t\r(concerns)_S 53 _t\r(shape)_S 53 _t\r(a)_S 53 _t\r(CSRC's)_S 53 _t\r(planned)_S 53 _t\r(collection)_S 53 _t\r(and)_S 53 _t\r(notification)_S 53 _t\r(procedures,)_S 53 _t\r(if)_S 53 _t\r(at)_S 53 _t\r(all?)_S 1380 2837 _m\r
(It)_S 54 _t\r(states)_S 54 _t\r(that)_S 54 _t\r(most)_S 54 _t\r(of)_S 53 _t\r(the)_S 54 _t\r(liabilities)_S 54 _t\r(facing)_S 54 _t\r(a)_S 54 _t\r(CSRC)_S 54 _t\r(are)_S 53 _t\r(in)_S 54 _t\r(the)_S 54 _t\r(nature)_S 54 _t\r(of)_S 54 _t\r(torts,)_S 53 _t\r(i.e.,)_S 54 _t\r(the)_S 54 _t\r(civil)_S 54 _t\r(liabilities)_S 54 _t\r(the)_S 54 _t\r(law)_S 53 _t\r(imposes)_S 54 _t\r(for)_S 1380 2646 _m\r
(intentional,)_S 68 _t\r(reckless,)_S 68 _t\r(or)_S 68 _t\r(negligent)_S 68 _t\r(conduct)_S 68 _t\r(that)_S 68 _t\r(causes)_S 68 _t\r(injury)_S 68 _t\r(to)_S 68 _t\r(another.)_S 68 _t\r(It)_S 68 _t\r(then)_S 68 _t\r(suggests)_S 68 _t\r(that)_S 69 _t\r(a)_S 68 _t\r(CSRC)_S 68 _t\r(could)_S 68 _t\r(limit)_S 68 _t\r(its)_S 1380 2455 _m\r
(exposure)_S 52 _t\r(by)_S 52 _t\r(clearly)_S 52 _t\r(declaring)_S 53 _t\r(that)_S 52 _t\r(\(a\))_S 52 _t\r(its)_S 52 _t\r(sole)_S 52 _t\r(purpose)_S 52 _t\r(is)_S 52 _t\r(to)_S 52 _t\r(evaluate)_S 53 _t\r(and)_S 52 _t\r(report)_S 52 _t\r(software)_S 52 _t\r(defects,)_S 52 _t\r(\(b\))_S 52 _t\r(it)_S 52 _t\r(will)_S 53 _t\r(not)_S 52 _t\r(be)_S 52 _t\r(in)_S 52 _t\r(the)_S 1380 2264 _m\r
(business)_S 55 _t\r(of)_S 56 _t\r(independently)_S 56 _t\r(uncovering)_S 56 _t\r(software)_S 55 _t\r(defects,)_S 56 _t\r(\(c\))_S 56 _t\r(it)_S 56 _t\r(does)_S 55 _t\r(not)_S 56 _t\r(purport)_S 56 _t\r(to)_S 56 _t\r(displace)_S 55 _t\r(the)_S 56 _t\r(obligations)_S 56 _t\r(software)_S 56 _t\r(pub-)_S 1380 2073 _m\r
(lishers)_S 54 _t\r(have)_S 53 _t\r(to)_S 54 _t\r(computer)_S 54 _t\r(users,)_S 54 _t\r(\(d\))_S 54 _t\r(its)_S 54 _t\r(efforts)_S 54 _t\r(should)_S 54 _t\r(be)_S 53 _t\r(viewed)_S 54 _t\r(as)_S 54 _t\r(mere)_S 54 _t\r(supplements)_S 54 _t\r(to)_S 54 _t\r(the)_S 53 _t\r(efforts)_S 54 _t\r(of)_S 54 _t\r(Internet)_S 54 _t\r(users)_S 54 _t\r(and)_S 1380 1882 _m\r
(beneficiaries)_S 46 _t\r(to)_S 47 _t\r(protect)_S 46 _t\r(the)_S 47 _t\r(Internet,)_S 46 _t\r(\(e\))_S 46 _t\r(it)_S 47 _t\r(encourages)_S 46 _t\r(users)_S 47 _t\r(to)_S 46 _t\r(purchase)_S 47 _t\r(software)_S 46 _t\r(maintenance)_S 47 _t\r(from)_S 46 _t\r(publishers)_S 46 _t\r(and)_S 47 _t\r(remain)_S 1380 1691 _m\r
(in)_S 59 _t\r(contact)_S 59 _t\r(with)_S 59 _t\r(publishers)_S 59 _t\r(and)_S 58 _t\r(\(f\))_S 59 _t\r(it)_S 59 _t\r(is)_S 59 _t\r(undertaking)_S 59 _t\r(these)_S 59 _t\r(duties)_S 59 _t\r(for)_S 59 _t\r(the)_S 59 _t\r(purpose)_S 59 _t\r(of)_S 59 _t\r(assisting)_S 59 _t\r(publishers,)_S 59 _t\r(users)_S 59 _t\r(and)_S 59 _t\r(other)_S 1380 1500 _m\r
(beneficiaries)_S 46 _t\r(in)_S 47 _t\r(protecting)_S 46 _t\r(the)_S 46 _t\r(viability)_S 47 _t\r(of)_S 46 _t\r(the)_S 47 _t\r(Internet)_S 46 _t\r(network)_S 46 _t\r(and)_S 47 _t\r(not)_S 46 _t\r(attempting)_S 46 _t\r(to)_S 47 _t\r(protect)_S 46 _t\r(the)_S 47 _t\r(security)_S 46 _t\r(of)_S 46 _t\r(any)_S 47 _t\r(particular)_S 1380 1309 _m\r
(computer)_S 53 _t\r(system)_S 53 _t\r(or)_S 53 _t\r(user.)_S /Times-RomanR 580 _ff\r
5183 893 _m\r
(13)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
1020 12223 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
1020 11578 _m\r
(gently.)_S 128 _t\r(A)_S 64 _t\r(CSIRC)_S 64 _t\r(might)_S 64 _t\r(limit)_S 64 _t\r(its)_S 64 _t\r(legal)_S 64 _t\r(exposure)_S 64 _t\r(by)_S 64 _t\r(clearly)_S 64 _t\r(declaring)_S 64 _t\r(within)_S 64 _t\r(the)_S 64 _t\r(charter)_S 64 _t\r(what)_S 64 _t\r(the)_S 1020 11307 _m\r
(CSIRC)_S 64 _t\r(is)_S 64 _t\r(and)_S 64 _t\r(is)_S 64 _t\r(not)_S 64 _t\r(purporting)_S 64 _t\r(to)_S 64 _t\r(do,)_S 64 _t\r(how)_S 64 _t\r(it)_S 64 _t\r(will)_S 64 _t\r(accomplish)_S 64 _t\r(its)_S 64 _t\r(goals,)_S 64 _t\r(and)_S 64 _t\r(where)_S 64 _t\r(its)_S 64 _t\r(boundaries)_S 1020 11036 _m\r
(of)_S 64 _t\r(involvement)_S 64 _t\r(lay.)_S 128 _t\r(Appropriate)_S 64 _t\r(legal)_S 64 _t\r(advisors)_S 64 _t\r(need)_S 64 _t\r(to)_S 64 _t\r(review)_S 64 _t\r(the)_S 64 _t\r(charter)_S 64 _t\r(and)_S 64 _t\r(all)_S 64 _t\r(other)_S 64 _t\r(proce-)_S 1020 10765 _m\r
(dures)_S 64 _t\r(in)_S 64 _t\r(use)_S 64 _t\r(by)_S 64 _t\r(a)_S 64 _t\r(CSIRC.)_S /Helvetica-BoldR 580 _ff\r
1020 10215 _m\r
(3.5.2)_S 64 _t\r(Components)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(Charter)_S 1471 9839 _m\r
/Times-RomanR 580 _ff\r
(A)_S 64 _t\r(CSIRC)_S 64 _t\r(charter)_S 64 _t\r(should)_S 64 _t\r(include)_S 64 _t\r(the)_S 64 _t\r(following)_S 64 _t\r(\(or)_S 64 _t\r(equivalent\))_S 64 _t\r(sections)_S 64 _t\r(to)_S 64 _t\r(describe)_S 64 _t\r(the)_S 64 _t\r(pur-)_S 1020 9568 _m\r
(pose)_S 64 _t\r(and)_S 64 _t\r(scope)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(effort)_S 64 _t\r/Times-RomanR 450 _ff\r
([STEINBERG89])_S /Times-RomanR 580 _ff\r
(:)_S 1471 9297 _m\r
(1.)_S 64 _t\r(Executive)_S 64 _t\r(Summary)_S 1471 9026 _m\r
(2.)_S 64 _t\r(Responsibilities)_S 1471 8755 _m\r
(3.)_S 64 _t\r(Methods)_S 1471 8484 _m\r
(4.)_S 64 _t\r(Reporting)_S 64 _t\r(Structure)_S 64 _t\r(and)_S 64 _t\r(Staffing)_S /Times-ItalicR 580 _ff\r
1020 7940 _m\r
(Executive)_S 64 _t\r(Summary)_S /Times-RomanR 580 _ff\r
64 _t\r(-)_S 64 _t\r(to)_S 64 _t\r(quickly)_S 64 _t\r(acquaint)_S 64 _t\r(readers)_S 64 _t\r(with)_S 64 _t\r(the)_S 64 _t\r(existence)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(CSIRC,)_S 64 _t\r(its)_S 64 _t\r(overall)_S 1020 7668 _m\r
(scope)_S 64 _t\r(of)_S 64 _t\r(responsibilities,)_S 64 _t\r(and)_S 64 _t\r(other)_S 64 _t\r(basic)_S 64 _t\r(information.)_S 1020 7124 _m\r
/Times-ItalicR 580 _ff\r
(Responsibilities)_S /Times-RomanR 580 _ff\r
64 _t\r(-)_S 128 _t\r(a)_S 64 _t\r(description)_S 64 _t\r(of)_S 64 _t\r(what)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(is)_S 64 _t\r(and)_S 64 _t\r(is)_S 64 _t\r(not)_S 64 _t\r(purporting)_S 64 _t\r(to)_S 64 _t\r(do.)_S 128 _t\r(To)_S 64 _t\r(limit)_S 64 _t\r(its)_S 1020 6852 _m\r
(legal)_S 64 _t\r(exposure,)_S 64 _t\r(this)_S 64 _t\r(section)_S 64 _t\r(states)_S 64 _t\r(the)_S 64 _t\r(express)_S 64 _t\r(purpose)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(effort)_S 64 _t\r(and)_S 64 _t\r(defines)_S 64 _t\r(the)_S 64 _t\r(bound-)_S 1020 6581 _m\r
(aries)_S 64 _t\r(of)_S 64 _t\r(involvement)_S 64 _t\r(for)_S 64 _t\r(the)_S 64 _t\r(CSIRC,)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(when)_S 64 _t\r(dealing)_S 64 _t\r(with)_S 64 _t\r(classified)_S 64 _t\r(matters)_S 64 _t\r(or)_S 64 _t\r(matters)_S 64 _t\r(in-)_S 1020 6310 _m\r
(volving)_S 64 _t\r(other)_S 64 _t\r(agencies)_S 64 _t\r(or)_S 64 _t\r(contractors.)_S 1020 5766 _m\r
/Times-ItalicR 580 _ff\r
(Methods)_S /Times-RomanR 580 _ff\r
64 _t\r(-)_S 64 _t\r(defines)_S 64 _t\r(in)_S 64 _t\r(a)_S 64 _t\r(high-level)_S 64 _t\r(manner)_S 64 _t\r(how)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(will)_S 64 _t\r(meet)_S 64 _t\r(its)_S 64 _t\r(responsibilities)_S 64 _t\r(and)_S 64 _t\r(re-)_S 1020 5494 _m\r
(quirements)_S 64 _t\r(and)_S 64 _t\r(the)_S 64 _t\r(general)_S 64 _t\r(approach)_S 64 _t\r(used)_S 64 _t\r(by)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(for)_S 64 _t\r(dealing)_S 64 _t\r(with)_S 64 _t\r(certain)_S 64 _t\r(types)_S 64 _t\r(of)_S 64 _t\r(threats)_S 1020 5223 _m\r
(and)_S 64 _t\r(for)_S 64 _t\r(reducing)_S 64 _t\r(risks)_S 64 _t\r(in)_S 64 _t\r(the)_S 64 _t\r(affected)_S 64 _t\r(areas.)_S 1020 4679 _m\r
/Times-ItalicR 580 _ff\r
(Reporting)_S 64 _t\r(and)_S 64 _t\r(Staffing)_S /Times-RomanR 580 _ff\r
64 _t\r(-)_S 64 _t\r(identifies)_S 64 _t\r(how)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(will)_S 64 _t\r(fit)_S 64 _t\r(within)_S 64 _t\r(the)_S 64 _t\r(organizational)_S 64 _t\r(structure)_S 64 _t\r(of)_S 1020 4407 _m\r
(the)_S 64 _t\r(agency)_S 64 _t\r(and)_S 64 _t\r(the)_S 64 _t\r(staffing)_S 64 _t\r(and)_S 64 _t\r(funding)_S 64 _t\r(requirements.)_S 128 _t\r(This)_S 64 _t\r(helps)_S 64 _t\r(to)_S 64 _t\r(quickly)_S 64 _t\r(resolve)_S 64 _t\r(boundary)_S 1020 4136 _m\r
(disputes)_S 64 _t\r(and)_S 64 _t\r(other)_S 64 _t\r(potential)_S 64 _t\r(conflicts)_S 64 _t\r(over)_S 64 _t\r(who)_S 64 _t\r(should)_S 64 _t\r(handle)_S 64 _t\r(certain)_S 64 _t\r(types)_S 64 _t\r(of)_S 64 _t\r(computer)_S 64 _t\r(security)_S 1020 3865 _m\r
(problems.)_S /Helvetica-BoldR 700 _ff\r
1020 3235 _m\r
(3.6)_S 1471 3235 _m\r
(Creating)_S 78 _t\r(a)_S 78 _t\r(CSIRC)_S 78 _t\r(Operations)_S 78 _t\r(Handbook)_S 1471 2819 _m\r
/Times-RomanR 580 _ff\r
(The)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Operations)_S 64 _t\r(Handbook)_S /Times-RomanR 580 _ff\r
64 _t\r(contains)_S 64 _t\r(the)_S 64 _t\r(procedures)_S 64 _t\r(that)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(will)_S 64 _t\r(follow)_S 64 _t\r(and)_S 64 _t\r(refer)_S 64 _t\r(to)_S 1020 2547 _m\r
(during)_S 64 _t\r(its)_S 64 _t\r(daily)_S 64 _t\r(activities.)_S 128 _t\r(It)_S 64 _t\r(provides)_S 64 _t\r(a)_S 64 _t\r(single)_S 64 _t\r(point)_S 64 _t\r(of)_S 64 _t\r(reference)_S 64 _t\r(for)_S 64 _t\r(outlining)_S 64 _t\r(the)_S 64 _t\r(operating)_S 64 _t\r(pro-)_S 1020 2276 _m\r
(cedures)_S 64 _t\r(as)_S 64 _t\r(they)_S 64 _t\r(are)_S 64 _t\r(developed)_S 64 _t\r(and)_S 64 _t\r(implemented.)_S 128 _t\r(The)_S 64 _t\r(handbook)_S 64 _t\r(is)_S 64 _t\r(an)_S 64 _t\r(evolving)_S 64 _t\r(document)_S 64 _t\r(that)_S 1020 2005 _m\r
(will)_S 64 _t\r(undergo)_S 64 _t\r(changes)_S 64 _t\r(and)_S 64 _t\r(modifications)_S 64 _t\r(over)_S 64 _t\r(time)_S 64 _t\r(and)_S 64 _t\r(as)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(effort)_S 64 _t\r(gains)_S 64 _t\r(experience)_S 64 _t\r(and)_S 1020 1734 _m\r
(benefits)_S 64 _t\r(from)_S 64 _t\r(lessons)_S 64 _t\r(learned.)_S 128 _t\r(Like)_S 64 _t\r(the)_S 64 _t\r(charter,)_S 64 _t\r(it)_S 64 _t\r(should)_S 64 _t\r(be)_S 64 _t\r(reviewed)_S 64 _t\r(by)_S 64 _t\r(legal)_S 64 _t\r(advisors)_S 64 _t\r(to)_S 64 _t\r(avoid)_S 1020 1463 _m\r
(unnecessary)_S 64 _t\r(legal)_S 64 _t\r(conflicts.)_S 4823 893 _m\r
(14)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
7489 12220 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
1831 11573 _m\r
(The)_S 64 _t\r(CSIRC)_S 64 _t\r(staff)_S 64 _t\r(members)_S 64 _t\r(will)_S 64 _t\r(need)_S 64 _t\r(to)_S 64 _t\r(consult)_S 64 _t\r(the)_S 64 _t\r(Operations)_S 64 _t\r(Handbook)_S 64 _t\r(routinely,)_S 64 _t\r(thus)_S 64 _t\r(it)_S 1380 11302 _m\r
(should)_S 64 _t\r(be)_S 64 _t\r(organized)_S 64 _t\r(to)_S 64 _t\r(provide)_S 64 _t\r(ready)_S 64 _t\r(access)_S 64 _t\r(to)_S 64 _t\r(operational)_S 64 _t\r(information.)_S 128 _t\r(The)_S 64 _t\r(operations)_S 64 _t\r(hand-)_S 1380 11031 _m\r
(book)_S 64 _t\r(should)_S 64 _t\r(contain)_S 64 _t\r(the)_S 64 _t\r(following:)_S 1831 10715 _m\r
(\267)_S 2003 10715 _m\r
(Staffing)_S 64 _t\r(Information)_S 64 _t\r(-)_S 64 _t\r(contacts,)_S 64 _t\r(facsimile,)_S 64 _t\r(pagers)_S 1831 10399 _m\r
(\267)_S 2003 10399 _m\r
(Hotline)_S 64 _t\r(Use)_S 64 _t\r(-)_S 64 _t\r(numbers,)_S 64 _t\r(procedures)_S 64 _t\r(for)_S 64 _t\r(24-hour)_S 64 _t\r(operation,)_S 64 _t\r(on-call)_S 64 _t\r(lists)_S 1831 10083 _m\r
(\267)_S 2003 10083 _m\r
(Constituency)_S 64 _t\r(Communications)_S 64 _t\r(-)_S 64 _t\r(procedures)_S 64 _t\r(for)_S 64 _t\r(receiving)_S 64 _t\r(and)_S 64 _t\r(sending)_S 64 _t\r(information)_S 1831 9767 _m\r
(\267)_S 2003 9767 _m\r
(Incident)_S 64 _t\r(Reports)_S 64 _t\r(-)_S 64 _t\r(types)_S 64 _t\r(of,)_S 64 _t\r(content)_S 64 _t\r(of,)_S 64 _t\r(reviews)_S 64 _t\r(of,)_S 64 _t\r(how)_S 64 _t\r(verified)_S 1831 9451 _m\r
(\267)_S 2003 9451 _m\r
(Information)_S 64 _t\r(Handling)_S 64 _t\r(-)_S 64 _t\r(logging,)_S 64 _t\r(sensitive)_S 64 _t\r(information,)_S 64 _t\r(incident)_S 64 _t\r(summaries)_S 1831 9135 _m\r
(\267)_S 2003 9135 _m\r
(CSIRC)_S 64 _t\r(Computer)_S 64 _t\r(Equipment)_S 64 _t\r(-)_S 64 _t\r(administration)_S 64 _t\r(policies,)_S 64 _t\r(configurations,)_S 64 _t\r(procedures)_S 1831 8819 _m\r
(\267)_S 2003 8819 _m\r
(Administrative)_S 64 _t\r(Procedures)_S 64 _t\r(-)_S 64 _t\r(expense)_S 64 _t\r(reports,)_S 64 _t\r(travel,)_S 64 _t\r(security)_S 64 _t\r(clearances)_S 1831 8503 _m\r
(\267)_S 2003 8503 _m\r
(Contacts)_S 64 _t\r(within)_S 64 _t\r(investigative)_S 64 _t\r(agencies)_S 1831 8187 _m\r
(\267)_S 2003 8187 _m\r
(Dealing)_S 64 _t\r(With)_S 64 _t\r(Media)_S 64 _t\r(-)_S 64 _t\r(press)_S 64 _t\r(reports,)_S 64 _t\r(clearance)_S 64 _t\r(process)_S 1831 7871 _m\r
(\267)_S 2003 7871 _m\r
(Vendor)_S 64 _t\r(Contacts)_S 1831 7555 _m\r
(\267)_S 2003 7555 _m\r
(Other)_S 64 _t\r(Contact)_S 64 _t\r(Information)_S 64 _t\r(-)_S 64 _t\r(other)_S 64 _t\r(individuals)_S 64 _t\r(to)_S 64 _t\r(contact)_S 64 _t\r(for)_S 64 _t\r(help,)_S 64 _t\r(reference)_S 1831 7013 _m\r
(The)_S 64 _t\r(Operations)_S 64 _t\r(Handbook)_S 64 _t\r(will)_S 64 _t\r(need)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(revised)_S 64 _t\r(frequently,)_S 64 _t\r(especially)_S 64 _t\r(during)_S 64 _t\r(the)_S 64 _t\r(first)_S 1380 6742 _m\r
(year)_S 64 _t\r(of)_S 64 _t\r(CSIRC)_S 64 _t\r(operation.)_S 128 _t\r(An)_S 64 _t\r(on-line)_S 64 _t\r(copy)_S 64 _t\r(helps)_S 64 _t\r(to)_S 64 _t\r(facilitate)_S 64 _t\r(frequent)_S 64 _t\r(revisions.)_S /Helvetica-BoldR 700 _ff\r
1380 6112 _m\r
(3.7)_S 1831 6112 _m\r
(CSIRC)_S 78 _t\r(Staffing)_S 78 _t\r(Issues)_S 1831 5698 _m\r
/Times-RomanR 580 _ff\r
(Although)_S 64 _t\r(agency)_S 64 _t\r(requirements)_S 64 _t\r(differ,)_S 64 _t\r(a)_S 64 _t\r(typical)_S 64 _t\r(CSIRC)_S 64 _t\r(might)_S 64 _t\r(have)_S 64 _t\r(the)_S 64 _t\r(following)_S 64 _t\r(full-time)_S 1380 5427 _m\r
(staff:)_S 1831 5111 _m\r
(\267)_S 2003 5111 _m\r
(one)_S 64 _t\r(or)_S 64 _t\r(more)_S 64 _t\r(CSIRC)_S 64 _t\r(coordinators;)_S 1831 4795 _m\r
(\267)_S 2003 4795 _m\r
(several)_S 64 _t\r(technical)_S 64 _t\r(staff)_S 64 _t\r(members)_S 64 _t\r(\(probably)_S 64 _t\r(two)_S 64 _t\r(or)_S 64 _t\r(more\);)_S 64 _t\r(and)_S 1831 4479 _m\r
(\267)_S 2003 4479 _m\r
(support)_S 64 _t\r(staff)_S 64 _t\r(as)_S 64 _t\r(necessary.)_S 1831 3937 _m\r
(It)_S 64 _t\r(is)_S 64 _t\r(difficult)_S 64 _t\r(to)_S 64 _t\r(prescribe)_S 64 _t\r(a)_S 64 _t\r(typical)_S 64 _t\r(staffing)_S 64 _t\r(profile,)_S 64 _t\r(as)_S 64 _t\r(the)_S 64 _t\r(profile)_S 64 _t\r(is)_S 64 _t\r(directly)_S 64 _t\r(related)_S 64 _t\r(to)_S 64 _t\r(the)_S 1380 3666 _m\r
(diversity)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(constituency)_S 64 _t\r(and)_S 64 _t\r(its)_S 64 _t\r(size)_S 64 _t\r(as)_S 64 _t\r(well)_S 64 _t\r(as)_S 64 _t\r(to)_S 64 _t\r(other)_S 64 _t\r(factors)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(the)_S 64 _t\r(types)_S 64 _t\r(of)_S 64 _t\r(risks)_S 64 _t\r(to)_S 1380 3395 _m\r
(the)_S 64 _t\r(constituency)_S 64 _t\r(technology.)_S 128 _t\r(For)_S 64 _t\r(example,)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(that)_S 64 _t\r(handles)_S 64 _t\r(incidents)_S 64 _t\r(of)_S 64 _t\r(computer)_S 64 _t\r(viruses)_S 1380 3124 _m\r
(may)_S 64 _t\r(be)_S 64 _t\r(much)_S 64 _t\r(smaller)_S 64 _t\r(than)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(that)_S 64 _t\r(covers)_S 64 _t\r(several)_S 64 _t\r(types)_S 64 _t\r(of)_S 64 _t\r(systems.)_S /Helvetica-BoldR 580 _ff\r
1380 2574 _m\r
(3.7.1)_S 64 _t\r(CSIRC)_S 64 _t\r(Coordinator)_S 1831 2196 _m\r
/Times-RomanR 580 _ff\r
(The)_S 64 _t\r(position)_S 64 _t\r(of)_S 64 _t\r/Times-ItalicR 580 _ff\r
(CSIRC)_S 64 _t\r(coordinator)_S /Times-RomanR 580 _ff\r
64 _t\r(entails)_S 64 _t\r(much)_S 64 _t\r(more)_S 64 _t\r(than)_S 64 _t\r(typical)_S 64 _t\r(management)_S 64 _t\r(functions.)_S 64 _t\r1380 1924 _m\r
(A)_S 64 _t\r(CSIRC,)_S 64 _t\r(in)_S 64 _t\r(the)_S 64 _t\r(course)_S 64 _t\r(of)_S 64 _t\r(handling)_S 64 _t\r(incidents,)_S 64 _t\r(may)_S 64 _t\r(prove)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(controversial,)_S 64 _t\r(especially)_S 64 _t\r(when)_S 64 _t\r(the)_S 1380 1653 _m\r
(incidents)_S 64 _t\r(involve)_S 64 _t\r(dealings)_S 64 _t\r(with)_S 64 _t\r(other)_S 64 _t\r(agencies)_S 64 _t\r(or)_S 64 _t\r(with)_S 64 _t\r(law)_S 64 _t\r(enforcement)_S 64 _t\r(groups)_S 64 _t\r(or)_S 64 _t\r(the)_S 64 _t\r(press.)_S 128 _t\r(In)_S 1380 1382 _m\r
(situations)_S 64 _t\r(where)_S 64 _t\r(delicate)_S 64 _t\r(political)_S 64 _t\r(relationships)_S 64 _t\r(have)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(considered,)_S 64 _t\r(the)_S 64 _t\r(manager)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 5183 893 _m\r
(15)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
1020 12223 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
1020 11578 _m\r
(will)_S 64 _t\r(need)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(adept)_S 64 _t\r(at)_S 64 _t\r(maintaining)_S 64 _t\r(a)_S 64 _t\r(positive)_S 64 _t\r(working)_S 64 _t\r(relationship)_S 64 _t\r(between)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(and)_S 64 _t\r(any)_S 1020 11307 _m\r
(affected)_S 64 _t\r(groups.)_S 128 _t\r(The)_S 64 _t\r(CSIRC)_S 64 _t\r(coordinator)_S 64 _t\r(might)_S 64 _t\r(also)_S 64 _t\r(have)_S 64 _t\r(to)_S 64 _t\r(spend)_S 64 _t\r(a)_S 64 _t\r(considerable)_S 64 _t\r(amount)_S 64 _t\r(of)_S 64 _t\r(time)_S 1020 11036 _m\r
("selling")_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(efforts)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(constituency)_S 64 _t\r(and)_S 64 _t\r(vendors)_S 64 _t\r(to)_S 64 _t\r(effect)_S 64 _t\r(a)_S 64 _t\r(better)_S 64 _t\r(relationship)_S 64 _t\r(and)_S 1020 10765 _m\r
(raise)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(awareness.)_S /Helvetica-BoldR 580 _ff\r
1020 10215 _m\r
(3.7.2)_S 64 _t\r(Technical)_S 64 _t\r(Staff)_S 1471 9837 _m\r
/Times-RomanR 580 _ff\r
(A)_S 64 _t\r(CSIRC's)_S 64 _t\r/Times-ItalicR 580 _ff\r
(technical)_S 64 _t\r(staff)_S 64 _t\r(members)_S /Times-RomanR 580 _ff\r
64 _t\r(should)_S 64 _t\r(possess)_S 64 _t\r(a)_S 64 _t\r(number)_S 64 _t\r(of)_S 64 _t\r(important)_S 64 _t\r(qualities.)_S 128 _t\r(Tech-)_S 1020 9565 _m\r
(nical)_S 64 _t\r(expertise)_S 64 _t\r(in)_S 64 _t\r(the)_S 64 _t\r(CSIRC's)_S 64 _t\r(technology)_S 64 _t\r(focus)_S 64 _t\r(is)_S 64 _t\r(essential;)_S 64 _t\r(however,)_S 64 _t\r(a)_S 64 _t\r(broad)_S 64 _t\r(range)_S 64 _t\r(of)_S 64 _t\r(experi-)_S 1020 9294 _m\r
(ence)_S 64 _t\r(is)_S 64 _t\r(most)_S 64 _t\r(desirable.)_S 128 _t\r(Other)_S 64 _t\r(important)_S 64 _t\r(qualities)_S 64 _t\r(center)_S 64 _t\r(around)_S 64 _t\r(good)_S 64 _t\r(communications)_S 64 _t\r(skills.)_S 128 _t\r(A)_S 1020 9023 _m\r
(summary)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(qualifications)_S 64 _t\r(a)_S 64 _t\r(technical)_S 64 _t\r(staff)_S 64 _t\r(member)_S 64 _t\r(ought)_S 64 _t\r(to)_S 64 _t\r(possess)_S 64 _t\r(might)_S 64 _t\r(be)_S 64 _t\r(as)_S 64 _t\r(follows:)_S 1471 8707 _m\r
(\267)_S 1643 8707 _m\r
(capable)_S 64 _t\r(of)_S 64 _t\r(supporting)_S 64 _t\r(the)_S 64 _t\r(technology)_S 64 _t\r(focus;)_S 1471 8391 _m\r
(\267)_S 1643 8391 _m\r
(work)_S 64 _t\r(in)_S 64 _t\r(a)_S 64 _t\r(group)_S 64 _t\r(environment)_S 64 _t\r(and)_S 64 _t\r(share)_S 64 _t\r(information)_S 64 _t\r(with)_S 64 _t\r(others;)_S 1471 8075 _m\r
(\267)_S 1643 8075 _m\r
(communicate)_S 64 _t\r(effectively)_S 64 _t\r(with)_S 64 _t\r(different)_S 64 _t\r(types)_S 64 _t\r(of)_S 64 _t\r(users,)_S 64 _t\r(who)_S 64 _t\r(will)_S 64 _t\r(range)_S 64 _t\r(from)_S 64 _t\r(system)_S 64 _t\r(ad-)_S 1643 7872 _m\r
(ministrators)_S 64 _t\r(to)_S 64 _t\r(unskilled)_S 64 _t\r(users)_S 64 _t\r(to)_S 64 _t\r(management)_S 64 _t\r(to)_S 64 _t\r(law-enforcement)_S 64 _t\r(officials;)_S 1471 7556 _m\r
(\267)_S 1643 7556 _m\r
(be)_S 64 _t\r("politically")_S 64 _t\r(adept)_S 64 _t\r(and)_S 64 _t\r(skilled)_S 64 _t\r(at)_S 64 _t\r(dealing)_S 64 _t\r(with)_S 64 _t\r(emotional)_S 64 _t\r(situations;)_S 1471 7240 _m\r
(\267)_S 1643 7240 _m\r
(be)_S 64 _t\r(on-call)_S 64 _t\r(24)_S 64 _t\r(hours)_S 64 _t\r(as)_S 64 _t\r(needed;)_S 64 _t\r(and)_S 1471 6924 _m\r
(\267)_S 1643 6924 _m\r
(be)_S 64 _t\r(able)_S 64 _t\r(to)_S 64 _t\r(travel)_S 64 _t\r(on)_S 64 _t\r(short)_S 64 _t\r(notice.)_S /Helvetica-BoldR 580 _ff\r
1020 6374 _m\r
(3.7.3)_S 64 _t\r(Other)_S 64 _t\r(Support)_S 64 _t\r(Staff)_S 1471 5998 _m\r
/Times-RomanR 580 _ff\r
(Other)_S 64 _t\r(support)_S 64 _t\r(staff)_S 64 _t\r(could)_S 64 _t\r(be)_S 64 _t\r(utilized)_S 64 _t\r(to)_S 64 _t\r(perform)_S 64 _t\r(functions)_S 64 _t\r(connected)_S 64 _t\r(with)_S 64 _t\r(the)_S 64 _t\r(daily)_S 64 _t\r(opera-)_S 1020 5727 _m\r
(tion)_S 64 _t\r(and)_S 64 _t\r(support)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(CSIRC;)_S 64 _t\r(this)_S 64 _t\r(could)_S 64 _t\r(also)_S 64 _t\r(be)_S 64 _t\r(performed)_S 64 _t\r(by)_S 64 _t\r(technical)_S 64 _t\r(staff)_S 64 _t\r(members.)_S 128 _t\r(Some)_S 1020 5456 _m\r
(of)_S 64 _t\r(the)_S 64 _t\r(functions)_S 64 _t\r(performed)_S 64 _t\r(by)_S 64 _t\r(other)_S 64 _t\r(support)_S 64 _t\r(staff)_S 64 _t\r(would)_S 64 _t\r(be)_S 64 _t\r(as)_S 64 _t\r(follows:)_S 1471 5140 _m\r
(\267)_S 1643 5140 _m\r
(maintain)_S 64 _t\r(CSIRC)_S 64 _t\r(computer)_S 64 _t\r(resources;)_S 1471 4824 _m\r
(\267)_S 1643 4824 _m\r
(coordinate)_S 64 _t\r(incident)_S 64 _t\r(logging)_S 64 _t\r(procedures;)_S 1471 4508 _m\r
(\267)_S 1643 4508 _m\r
(develop)_S 64 _t\r(histories)_S 64 _t\r(and)_S 64 _t\r(summaries)_S 64 _t\r(of)_S 64 _t\r(CSIRC)_S 64 _t\r(interactions;)_S 1471 4192 _m\r
(\267)_S 1643 4192 _m\r
(on-line)_S 64 _t\r(analysis)_S 64 _t\r(of)_S 64 _t\r(CSIRC)_S 64 _t\r(operations;)_S 1471 3876 _m\r
(\267)_S 1643 3876 _m\r
(capture)_S 64 _t\r(lessons)_S 64 _t\r(learned)_S 64 _t\r(through)_S 64 _t\r(operation)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(and)_S 64 _t\r(post-incident)_S 64 _t\r(reviews;)_S 64 _t\r(and)_S 1471 3560 _m\r
(\267)_S 1643 3560 _m\r
(provide)_S 64 _t\r(support)_S 64 _t\r(services)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(rest)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(members.)_S 4823 893 _m\r
(16)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
/HelveticaR 580 _ff\r
7489 12220 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /HelveticaR 580 _ff\r
1380 11565 _m\r
/Helvetica-BoldR 580 _ff\r
(3.7.4)_S 64 _t\r(Requirements)_S 64 _t\r(for)_S 64 _t\r(Clearances)_S 1831 11189 _m\r
/Times-RomanR 580 _ff\r
(CSIRC)_S 64 _t\r(staff)_S 64 _t\r(members)_S 64 _t\r(may)_S 64 _t\r(require)_S 64 _t\r(clearances)_S 64 _t\r(to)_S 64 _t\r(work)_S 64 _t\r(with)_S 64 _t\r(Department)_S 64 _t\r(of)_S 64 _t\r(Defense)_S 64 _t\r(agencies)_S 1380 10918 _m\r
(and)_S 64 _t\r(law)_S 64 _t\r(enforcement)_S 64 _t\r(groups)_S 64 _t\r(in)_S 64 _t\r(situations)_S 64 _t\r(where)_S 64 _t\r(data)_S 64 _t\r(may)_S 64 _t\r(be)_S 64 _t\r(sensitive)_S 64 _t\r(or)_S 64 _t\r(classified.)_S 128 _t\r(While)_S 64 _t\r(clear-)_S 1380 10647 _m\r
(ances)_S 64 _t\r(will)_S 64 _t\r(not)_S 64 _t\r(be)_S 64 _t\r(necessary)_S 64 _t\r(for)_S 64 _t\r(all)_S 64 _t\r(environments,)_S 64 _t\r(information)_S 64 _t\r(about)_S 64 _t\r(aspects)_S 64 _t\r(of)_S 64 _t\r(incidents)_S 64 _t\r(can)_S 64 _t\r(be-)_S 1380 10376 _m\r
(come)_S 64 _t\r(classified)_S 64 _t\r(depending)_S 64 _t\r(on)_S 64 _t\r(many)_S 64 _t\r(factors.)_S 128 _t\r(Finding)_S 64 _t\r(people)_S 64 _t\r(who)_S 64 _t\r(can)_S 64 _t\r(or)_S 64 _t\r(wish)_S 64 _t\r(to)_S 64 _t\r(undergo)_S 64 _t\r(the)_S 1380 10105 _m\r
(clearance)_S 64 _t\r(process)_S 64 _t\r(and)_S 64 _t\r(who)_S 64 _t\r(possess)_S 64 _t\r(the)_S 64 _t\r(requisite)_S 64 _t\r(skills)_S 64 _t\r(may)_S 64 _t\r(be)_S 64 _t\r(time-consuming)_S 64 _t\r(and)_S 64 _t\r(the)_S 64 _t\r(clearance)_S 1380 9834 _m\r
(process)_S 64 _t\r(itself)_S 64 _t\r(may)_S 64 _t\r(take)_S 64 _t\r(several)_S 64 _t\r(months)_S 64 _t\r(or)_S 64 _t\r(longer.)_S 128 _t\r(If)_S 64 _t\r(there)_S 64 _t\r(exists)_S 64 _t\r(a)_S 64 _t\r(requirement)_S 64 _t\r(for)_S 64 _t\r(clearances,)_S 1380 9563 _m\r
(paperwork)_S 64 _t\r(should)_S 64 _t\r(be)_S 64 _t\r(submitted)_S 64 _t\r(at)_S 64 _t\r(the)_S 64 _t\r(earliest)_S 64 _t\r(opportunity.)_S /Helvetica-BoldR 580 _ff\r
1380 9013 _m\r
(3.7.5)_S 64 _t\r(Avoiding)_S 64 _t\r(Burn-Out)_S 1831 8637 _m\r
/Times-RomanR 580 _ff\r
(If)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(performs)_S 64 _t\r(only)_S 64 _t\r(incident)_S 64 _t\r(handling)_S 64 _t\r(and)_S 64 _t\r(no)_S 64 _t\r(other)_S 64 _t\r(activities,)_S 64 _t\r(burn-out)_S 64 _t\r(may)_S 64 _t\r(become)_S 64 _t\r(a)_S 1380 8366 _m\r
(critical)_S 64 _t\r(problem)_S 64 _t\r(affecting)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(staff)_S 64 _t\r(members.)_S 128 _t\r(Incident)_S 64 _t\r(handling)_S 64 _t\r(on)_S 64 _t\r(a)_S 64 _t\r(full-time)_S 64 _t\r(basis)_S 64 _t\r(may)_S 1380 8095 _m\r
(prove)_S 64 _t\r(somewhat)_S 64 _t\r(underchallenging)_S 64 _t\r(for)_S 64 _t\r(highly)_S 64 _t\r(technical)_S 64 _t\r(individuals,)_S 64 _t\r(and)_S 64 _t\r(some)_S 64 _t\r(alternative)_S 64 _t\r(tasks)_S 1380 7824 _m\r
(may)_S 64 _t\r(need)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(built-in.)_S 128 _t\r(Some)_S 64 _t\r(suggestions)_S 64 _t\r(for)_S 64 _t\r(these)_S 64 _t\r(tasks)_S 64 _t\r(are:)_S 1831 7508 _m\r
(\267)_S 2003 7508 _m\r
(performing)_S 64 _t\r(workshops)_S 64 _t\r(or)_S 64 _t\r(training)_S 64 _t\r(sessions)_S 64 _t\r(for)_S 64 _t\r(the)_S 64 _t\r(constituency;)_S 1831 7192 _m\r
(\267)_S 2003 7192 _m\r
(writing)_S 64 _t\r(educational)_S 64 _t\r(material)_S 64 _t\r(that)_S 64 _t\r(can)_S 64 _t\r(be)_S 64 _t\r(distributed)_S 64 _t\r(or)_S 64 _t\r(published;)_S 1831 6876 _m\r
(\267)_S 2003 6876 _m\r
(writing)_S 64 _t\r(software)_S 64 _t\r(tools)_S 64 _t\r(for)_S 64 _t\r(system)_S 64 _t\r(managers)_S 64 _t\r(to)_S 64 _t\r(better)_S 64 _t\r(detect)_S 64 _t\r(or)_S 64 _t\r(prevent)_S 64 _t\r(incidents;)_S 64 _t\r(and)_S 1831 6560 _m\r
(\267)_S 2003 6560 _m\r
(conducting)_S 64 _t\r(research.)_S 5183 893 _m\r
(17)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
1020 12223 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
4823 893 _m\r
(18)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
/HelveticaR 900 _ff\r
7489 12220 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /HelveticaR 900 _ff\r
1380 11483 _m\r
/Helvetica-BoldR 900 _ff\r
(4.)_S 1831 11483 _m\r
(CSIRC)_S 100 _t\r(Operational)_S 100 _t\r(Issues)_S 100 _t\r(and)_S 100 _t\r(Activities)_S /Times-RomanR 580 _ff\r
1831 10902 _m\r
(This)_S 64 _t\r(section)_S 64 _t\r(describes)_S 64 _t\r(some)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(issues)_S 64 _t\r(and)_S 64 _t\r(activities)_S 64 _t\r(involved)_S 64 _t\r(in)_S 64 _t\r(operating)_S 64 _t\r(a)_S 64 _t\r(CSIRC.)_S 64 _t\r1380 10631 _m\r
(Incident)_S 64 _t\r(response)_S 64 _t\r(is)_S 64 _t\r(a)_S 64 _t\r(process)_S 64 _t\r(whereby)_S 64 _t\r(incidents)_S 64 _t\r(are)_S 64 _t\r(identified,)_S 64 _t\r(contained,)_S 64 _t\r(and)_S 64 _t\r(resolved.)_S 128 _t\r(There)_S 1380 10360 _m\r
(are)_S 64 _t\r(many)_S 64 _t\r(issues)_S 64 _t\r(and)_S 64 _t\r(details)_S 64 _t\r(involved)_S 64 _t\r(in)_S 64 _t\r(each)_S 64 _t\r(of)_S 64 _t\r(these)_S 64 _t\r(steps;)_S 64 _t\r(a)_S 64 _t\r(detailed)_S 64 _t\r(discussion)_S 64 _t\r(is)_S 64 _t\r(beyond)_S 64 _t\r(the)_S 1380 10089 _m\r
(scope)_S 64 _t\r(of)_S 64 _t\r(this)_S 64 _t\r(guide.)_S 128 _t\r(Readers)_S 64 _t\r(are)_S 64 _t\r(encouraged)_S 64 _t\r(to)_S 64 _t\r(examine)_S 64 _t\r/Times-RomanR 450 _ff\r
([HOLBROOK91])_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r/Times-RomanR 450 _ff\r
([BRAND89])_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(and)_S 1380 9818 _m\r
/Times-RomanR 450 _ff\r
([SCHULTZ90])_S /Times-RomanR 580 _ff\r
64 _t\r(for)_S 64 _t\r(discussion)_S 64 _t\r(on)_S 64 _t\r(incident)_S 64 _t\r(response.)_S 1831 9276 _m\r
(This)_S 64 _t\r(chapter)_S 64 _t\r(concentrates)_S 64 _t\r(on)_S 64 _t\r(operational)_S 64 _t\r(activities)_S 64 _t\r(and)_S 64 _t\r(issues)_S 64 _t\r(that)_S 64 _t\r(are)_S 64 _t\r(generally)_S 64 _t\r(involved)_S 64 _t\r(in)_S 1380 9005 _m\r
(incident)_S 64 _t\r(response,)_S 64 _t\r(regardless)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(type)_S 64 _t\r(of)_S 64 _t\r(incidents,)_S 64 _t\r(computing)_S 64 _t\r(environments,)_S 64 _t\r(or)_S 64 _t\r(organization.)_S 64 _t\r1380 8734 _m\r
(Sections)_S 64 _t\r(deal)_S 64 _t\r(with)_S 64 _t\r(constituency)_S 64 _t\r(communications,)_S 64 _t\r(logging)_S 64 _t\r(information,)_S 64 _t\r(legal)_S 64 _t\r(issues,)_S 64 _t\r(the)_S 64 _t\r(press,)_S 64 _t\r(and)_S 1380 8463 _m\r
(post-incident)_S 64 _t\r(procedures.)_S /Helvetica-BoldR 700 _ff\r
1380 7833 _m\r
(4.1)_S 1831 7833 _m\r
(Communications)_S 78 _t\r(with)_S 78 _t\r(the)_S 78 _t\r(Constituency)_S 1831 7419 _m\r
/Times-RomanR 580 _ff\r
(A)_S 64 _t\r(CSIRC)_S 64 _t\r(needs)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(in)_S 64 _t\r(touch)_S 64 _t\r(with)_S 64 _t\r(its)_S 64 _t\r(constituency)_S 64 _t\r(on)_S 64 _t\r(a)_S 64 _t\r(daily)_S 64 _t\r(basis)_S 64 _t\r(to)_S 64 _t\r(effect)_S 64 _t\r(centralized)_S 1380 7148 _m\r
(reporting)_S 64 _t\r(and)_S 64 _t\r(to)_S 64 _t\r(disseminate)_S 64 _t\r(information)_S 64 _t\r(concerning)_S 64 _t\r(vulnerabilities,)_S 64 _t\r(alerts,)_S 64 _t\r(and)_S 64 _t\r(other)_S 64 _t\r(awareness)_S 1380 6877 _m\r
(information.)_S 128 _t\r(This)_S 64 _t\r(section)_S 64 _t\r(contains)_S 64 _t\r(information)_S 64 _t\r(on)_S 64 _t\r(technical)_S 64 _t\r(communications)_S 64 _t\r(issues,)_S 64 _t\r(i.e.,)_S 64 _t\r(the)_S 1380 6606 _m\r
(mechanisms)_S 64 _t\r(for)_S 64 _t\r(convenient)_S 64 _t\r(and)_S 64 _t\r(effective)_S 64 _t\r(communications)_S 64 _t\r(between)_S 64 _t\r(the)_S 64 _t\r(constituency)_S 64 _t\r(and)_S 64 _t\r(CSIRC.)_S 64 _t\r1380 6335 _m\r
(Sections)_S 64 _t\r(focus)_S 64 _t\r(on)_S 64 _t\r(issuing)_S 64 _t\r(a)_S 64 _t\r(press)_S 64 _t\r(release)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(constituency)_S 64 _t\r(and)_S 64 _t\r(issues)_S 64 _t\r(on)_S 64 _t\r(using)_S 64 _t\r(a)_S 64 _t\r(hotline)_S 64 _t\r(and)_S 1380 6064 _m\r
(information)_S 64 _t\r(repository.)_S /Helvetica-BoldR 580 _ff\r
1380 5514 _m\r
(4.1.1)_S 64 _t\r(Issuing)_S 64 _t\r(a)_S 64 _t\r(Press)_S 64 _t\r(Release)_S 1831 5138 _m\r
/Times-RomanR 580 _ff\r
(A)_S 64 _t\r(press)_S 64 _t\r(release)_S 64 _t\r(is)_S 64 _t\r(useful)_S 64 _t\r(for)_S 64 _t\r(making)_S 64 _t\r(the)_S 64 _t\r(existence)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(known)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(constituency)_S 1380 4867 _m\r
(so)_S 64 _t\r(that)_S 64 _t\r(misconceptions)_S 64 _t\r(and)_S 64 _t\r(misunderstandings)_S 64 _t\r(about)_S 64 _t\r(the)_S 64 _t\r(CSIRC's)_S 64 _t\r(role)_S 64 _t\r(and)_S 64 _t\r(purpose)_S 64 _t\r(are)_S 64 _t\r(avoided.)_S 64 _t\r1380 4596 _m\r
(A)_S 64 _t\r(press)_S 64 _t\r(release)_S 64 _t\r(should)_S 64 _t\r(minimally)_S 64 _t\r(state)_S 64 _t\r(the)_S 64 _t\r(purpose)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(and)_S 64 _t\r(where)_S 64 _t\r(its)_S 64 _t\r(boundaries)_S 64 _t\r(of)_S 64 _t\r(in-)_S 1380 4325 _m\r
(volvement)_S 64 _t\r(lay.)_S 128 _t\r(It)_S 64 _t\r(should)_S 64 _t\r(define)_S 64 _t\r(the)_S 64 _t\r(constituency)_S 64 _t\r(and)_S 64 _t\r(how)_S 64 _t\r(the)_S 64 _t\r(constituency)_S 64 _t\r(can)_S 64 _t\r(get)_S 64 _t\r(in)_S 64 _t\r(touch)_S 64 _t\r(with)_S 1380 4054 _m\r
(the)_S 64 _t\r(CSIRC.)_S 128 _t\r(It)_S 64 _t\r(may)_S 64 _t\r(be)_S 64 _t\r(advisable)_S 64 _t\r(before)_S 64 _t\r(commencing)_S 64 _t\r(CSIRC)_S 64 _t\r(operations)_S 64 _t\r(to)_S 64 _t\r(make)_S 64 _t\r(other)_S 64 _t\r(informa-)_S 1380 3783 _m\r
(tion)_S 64 _t\r(available)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(public)_S 64 _t\r(affairs)_S 64 _t\r(office)_S 64 _t\r(so)_S 64 _t\r(that)_S 64 _t\r(they)_S 64 _t\r(will)_S 64 _t\r(have)_S 64 _t\r(appropriate)_S 64 _t\r(material)_S 64 _t\r(on-hand)_S 1380 3512 _m\r
(when)_S 64 _t\r(fielding)_S 64 _t\r(inquiries)_S 64 _t\r(about)_S 64 _t\r(the)_S 64 _t\r(CSIRC.)_S 1831 2970 _m\r
(A)_S 64 _t\r(CSIRC)_S 64 _t\r(may)_S 64 _t\r(find)_S 64 _t\r(it)_S 64 _t\r(advantageous)_S 64 _t\r(to)_S 64 _t\r(issue)_S 64 _t\r(press)_S 64 _t\r(releases)_S 64 _t\r(for)_S 64 _t\r(reasons)_S 64 _t\r(other)_S 64 _t\r(than)_S 64 _t\r(initial)_S 1380 2699 _m\r
(start-up.)_S 128 _t\r(During)_S 64 _t\r(the)_S 64 _t\r(course)_S 64 _t\r(of)_S 64 _t\r(an)_S 64 _t\r(incident,)_S 64 _t\r(it)_S 64 _t\r(may)_S 64 _t\r(be)_S 64 _t\r(useful)_S 64 _t\r(to)_S 64 _t\r(issue)_S 64 _t\r(information)_S 64 _t\r(to)_S 64 _t\r(ensure)_S 64 _t\r(that)_S 1380 2428 _m\r
(accurate)_S 64 _t\r(information)_S 64 _t\r(gets)_S 64 _t\r(disseminated)_S 64 _t\r(and)_S 64 _t\r(damaging)_S 64 _t\r(misconceptions)_S 64 _t\r(are)_S 64 _t\r(prevented.)_S 128 _t\r(When)_S 64 _t\r(deal-)_S 1380 2157 _m\r
(ing)_S 64 _t\r(with)_S 64 _t\r(the)_S 64 _t\r(press,)_S 64 _t\r(always)_S 64 _t\r(make)_S 64 _t\r(use)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(public)_S 64 _t\r(affairs)_S 64 _t\r(office.)_S 128 _t\r(Working)_S 64 _t\r(with)_S 64 _t\r(the)_S 64 _t\r(press)_S 64 _t\r(is)_S 64 _t\r(cov-)_S 1380 1886 _m\r
(ered)_S 64 _t\r(in)_S 64 _t\r(more)_S 64 _t\r(detail)_S 64 _t\r(in)_S 64 _t\r(section)_S 64 _t\r(4.5.)_S 5183 893 _m\r
(19)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
/HelveticaR 580 _ff\r
1020 12223 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /HelveticaR 580 _ff\r
1020 11570 _m\r
/Helvetica-BoldR 580 _ff\r
(4.1.2)_S 64 _t\r(Setting)_S 64 _t\r(Up)_S 64 _t\r(a)_S 64 _t\r(Hotline)_S 64 _t\r(Capability)_S 1471 11194 _m\r
/Times-RomanR 580 _ff\r
(The)_S 64 _t\r(CSIRC)_S 64 _t\r(needs)_S 64 _t\r(to)_S 64 _t\r(advertise)_S 64 _t\r(how)_S 64 _t\r(the)_S 64 _t\r(constituency)_S 64 _t\r(can)_S 64 _t\r(contact)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(in)_S 64 _t\r(case)_S 64 _t\r(of)_S 1020 10923 _m\r
(emergencies)_S 64 _t\r(and)_S 64 _t\r(other)_S 64 _t\r(matters.)_S 128 _t\r(It)_S 64 _t\r(may)_S 64 _t\r(be)_S 64 _t\r(most)_S 64 _t\r(practical)_S 64 _t\r(to)_S 64 _t\r(publish)_S 64 _t\r(a)_S 64 _t\r("hotline")_S 64 _t\r(telephone)_S 64 _t\r(number)_S 1020 10652 _m\r
(that)_S 64 _t\r(the)_S 64 _t\r(constituency)_S 64 _t\r(can)_S 64 _t\r(call)_S 64 _t\r(for)_S 64 _t\r(urgent)_S 64 _t\r(matters.)_S 128 _t\r(An)_S 64 _t\r(e-mail)_S 64 _t\r(address)_S 64 _t\r(is)_S 64 _t\r(useful)_S 64 _t\r(for)_S 64 _t\r(constituents)_S 64 _t\r(to)_S 1020 10381 _m\r
(send)_S 64 _t\r(inquiries)_S 64 _t\r(or)_S 64 _t\r(obtain)_S 64 _t\r(information.)_S 128 _t\r(Using)_S 64 _t\r(an)_S 64 _t\r(e-mail)_S 64 _t\r(address)_S 64 _t\r(or)_S 64 _t\r(telephone)_S 64 _t\r(voice)_S 64 _t\r(mailbox)_S 64 _t\r(per-)_S 1020 10110 _m\r
(mits)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(staff)_S 64 _t\r(to)_S 64 _t\r(prioritize)_S 64 _t\r(calls.)_S 128 _t\r(An)_S 64 _t\r(e-mail)_S 64 _t\r(address)_S 64 _t\r(offers)_S 64 _t\r(the)_S 64 _t\r(further)_S 64 _t\r(advantage)_S 64 _t\r(of)_S 64 _t\r(all)_S 1020 9839 _m\r
(members)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(being)_S 64 _t\r(able)_S 64 _t\r(to)_S 64 _t\r(receive)_S 64 _t\r(the)_S 64 _t\r(e-mail,)_S 64 _t\r(enhancing)_S 64 _t\r(team)_S 64 _t\r(communications.)_S 1471 9297 _m\r
(An)_S 64 _t\r(important)_S 64 _t\r(detail)_S 64 _t\r(to)_S 64 _t\r(setting)_S 64 _t\r(up)_S 64 _t\r(a)_S 64 _t\r(hotline)_S 64 _t\r(capability)_S 64 _t\r(is)_S 64 _t\r(deciding)_S 64 _t\r(who)_S 64 _t\r(should)_S 64 _t\r(answer)_S 64 _t\r(the)_S 1020 9026 _m\r
(calls.)_S 128 _t\r(A)_S 64 _t\r(practical)_S 64 _t\r(arrangement)_S 64 _t\r(is)_S 64 _t\r(to)_S 64 _t\r(designate)_S 64 _t\r(a)_S 64 _t\r(technical)_S 64 _t\r(staff)_S 64 _t\r(member)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r("on-call")_S 64 _t\r(for)_S 64 _t\r(a)_S 64 _t\r(cer-)_S 1020 8755 _m\r
(tain)_S 64 _t\r(period,)_S 64 _t\r(one)_S 64 _t\r(week)_S 64 _t\r(for)_S 64 _t\r(example,)_S 64 _t\r(and)_S 64 _t\r(then)_S 64 _t\r(to)_S 64 _t\r(rotate)_S 64 _t\r(the)_S 64 _t\r(assignment)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(next)_S 64 _t\r(staff)_S 64 _t\r(member,)_S 1020 8484 _m\r
(with)_S 64 _t\r(other)_S 64 _t\r(staff)_S 64 _t\r(members)_S 64 _t\r(available)_S 64 _t\r(to)_S 64 _t\r(help)_S 64 _t\r(out)_S 64 _t\r(as)_S 64 _t\r(needed.)_S 128 _t\r(This)_S 64 _t\r(arrangement)_S 64 _t\r(is)_S 64 _t\r(most)_S 64 _t\r(practical)_S 1020 8213 _m\r
(when)_S 64 _t\r(the)_S 64 _t\r(hotline)_S 64 _t\r(is)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(staffed)_S 64 _t\r(24)_S 64 _t\r(hours)_S 64 _t\r(a)_S 64 _t\r(day;)_S 64 _t\r(the)_S 64 _t\r(staff)_S 64 _t\r(member)_S 64 _t\r(on-call)_S 64 _t\r(needs)_S 64 _t\r(to)_S 64 _t\r(wear)_S 64 _t\r(a)_S 64 _t\r(pager)_S 1020 7942 _m\r
(when)_S 64 _t\r(away)_S 64 _t\r(from)_S 64 _t\r(the)_S 64 _t\r(office)_S 64 _t\r(and)_S 64 _t\r(stay)_S 64 _t\r(within)_S 64 _t\r(a)_S 64 _t\r(close)_S 64 _t\r(geographical)_S 64 _t\r(area)_S 64 _t\r(during)_S 64 _t\r(the)_S 64 _t\r(period)_S 64 _t\r(of)_S 64 _t\r(on-call)_S 1020 7671 _m\r
(duty.)_S /Helvetica-BoldR 580 _ff\r
1020 7121 _m\r
(4.1.3)_S 64 _t\r(Setting)_S 64 _t\r(Up)_S 64 _t\r(Alert)_S 64 _t\r(Mechanisms)_S 1471 6745 _m\r
/Times-RomanR 580 _ff\r
(The)_S 64 _t\r(CSIRC)_S 64 _t\r(needs)_S 64 _t\r(some)_S 64 _t\r(mechanism)_S 64 _t\r(for)_S 64 _t\r(alerting)_S 64 _t\r(its)_S 64 _t\r(constituency)_S 64 _t\r(of)_S 64 _t\r(important)_S 64 _t\r(alert)_S 64 _t\r(and)_S 1020 6474 _m\r
(vulnerability-related)_S 64 _t\r(information.)_S 128 _t\r(In)_S 64 _t\r(certain)_S 64 _t\r(environments,)_S 64 _t\r(a)_S 64 _t\r(computer)_S 64 _t\r(network)_S 64 _t\r(works)_S 64 _t\r(well)_S 64 _t\r(for)_S 1020 6203 _m\r
(this)_S 64 _t\r(purpose;)_S 128 _t\r(information)_S 64 _t\r(sent)_S 64 _t\r(out)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(network)_S 64 _t\r(could)_S 64 _t\r(rapidly)_S 64 _t\r(reach)_S 64 _t\r(users.)_S 128 _t\r(Users)_S 64 _t\r(could)_S 64 _t\r(respond)_S 1020 5932 _m\r
(to)_S 64 _t\r(a)_S 64 _t\r(central)_S 64 _t\r(CSIRC)_S 64 _t\r(e-mail)_S 64 _t\r(address.)_S 1471 5390 _m\r
(Factors)_S 64 _t\r(that)_S 64 _t\r(make)_S 64 _t\r(a)_S 64 _t\r(computer)_S 64 _t\r(network)_S 64 _t\r(less)_S 64 _t\r(feasible)_S 64 _t\r(include)_S 64 _t\r(lack)_S 64 _t\r(of)_S 64 _t\r(uniform)_S 64 _t\r(access)_S 64 _t\r(to)_S 64 _t\r(a)_S 64 _t\r(net-)_S 1020 5119 _m\r
(work)_S 64 _t\r(and)_S 64 _t\r(lack)_S 64 _t\r(of)_S 64 _t\r(trust)_S 64 _t\r(in)_S 64 _t\r(the)_S 64 _t\r(network,)_S 64 _t\r(i.e.,)_S 64 _t\r(if)_S 64 _t\r(classified)_S 64 _t\r(or)_S 64 _t\r(very)_S 64 _t\r(sensitive)_S 64 _t\r(information)_S 64 _t\r(would)_S 64 _t\r(need)_S 1020 4848 _m\r
(to)_S 64 _t\r(be)_S 64 _t\r(relayed)_S 64 _t\r(via)_S 64 _t\r(a)_S 64 _t\r(network)_S 64 _t\r(subject)_S 64 _t\r(to)_S 64 _t\r(eavesdropping.)_S 128 _t\r(If)_S 64 _t\r(no)_S 64 _t\r(central,)_S 64 _t\r(homogeneous)_S 64 _t\r(network)_S 64 _t\r(exists,)_S 1020 4577 _m\r
(communications)_S 64 _t\r(are)_S 64 _t\r(more)_S 64 _t\r(complicated.)_S 128 _t\r(A)_S 64 _t\r(frequent)_S 64 _t\r(networking)_S 64 _t\r(situation)_S 64 _t\r(is)_S 64 _t\r(that)_S 64 _t\r(several)_S 64 _t\r(different)_S 1020 4306 _m\r
(types)_S 64 _t\r(of)_S 64 _t\r(networks)_S 64 _t\r(are)_S 64 _t\r(in)_S 64 _t\r(use)_S 64 _t\r(throughout)_S 64 _t\r(an)_S 64 _t\r(agency.)_S 128 _t\r(In)_S 64 _t\r(this)_S 64 _t\r(case,)_S 64 _t\r(gateways)_S 64 _t\r(between)_S 64 _t\r(the)_S 64 _t\r(networks)_S 1020 4035 _m\r
(could)_S 64 _t\r(be)_S 64 _t\r(investigated,)_S 64 _t\r(or)_S 64 _t\r(else)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(may)_S 64 _t\r(need)_S 64 _t\r(direct)_S 64 _t\r(access)_S 64 _t\r(to)_S 64 _t\r(each)_S 64 _t\r(network.)_S 128 _t\r(Encryption)_S 1020 3764 _m\r
(methods)_S 64 _t\r(should)_S 64 _t\r(also)_S 64 _t\r(be)_S 64 _t\r(explored)_S 64 _t\r(so)_S 64 _t\r(that)_S 64 _t\r(network)_S 64 _t\r(traffic)_S 64 _t\r(can)_S 64 _t\r(be)_S 64 _t\r(protected)_S 64 _t\r(from)_S 64 _t\r(surreptitious)_S 64 _t\r(tam-)_S 1020 3493 _m\r
(pering)_S 64 _t\r(and)_S 64 _t\r(listening.)_S 128 _t\r(The)_S 64 _t\r(CSIRC)_S 64 _t\r(could)_S 64 _t\r(also)_S 64 _t\r(issue)_S 64 _t\r(alerts)_S 64 _t\r(and)_S 64 _t\r(information)_S 64 _t\r(via)_S 64 _t\r(telephone,)_S 64 _t\r(manage-)_S 1020 3222 _m\r
(ment)_S 64 _t\r(bulletins,)_S 64 _t\r(facsimile,)_S 64 _t\r(or)_S 64 _t\r(phone-mail.)_S 1471 2680 _m\r
(Emergency)_S 64 _t\r(backup)_S 64 _t\r(communications)_S 64 _t\r(should)_S 64 _t\r(be)_S 64 _t\r(put)_S 64 _t\r(in)_S 64 _t\r(place)_S 64 _t\r(for)_S 64 _t\r(contingencies)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(equip-)_S 1020 2409 _m\r
(ment)_S 64 _t\r(failure)_S 64 _t\r(or)_S 64 _t\r(malicious)_S 64 _t\r(activity)_S 64 _t\r(that)_S 64 _t\r(could)_S 64 _t\r(make)_S 64 _t\r(the)_S 64 _t\r(primary)_S 64 _t\r(mechanism)_S 64 _t\r(unavailable.)_S 128 _t\r(While)_S 64 _t\r(a)_S 1020 2138 _m\r
(redundant)_S 64 _t\r(computer)_S 64 _t\r(network)_S 64 _t\r(is)_S 64 _t\r(preferable,)_S 64 _t\r(a)_S 64 _t\r(simple)_S 64 _t\r(but)_S 64 _t\r(effective)_S 64 _t\r(backup)_S 64 _t\r(mechanism)_S 64 _t\r(could)_S 64 _t\r(make)_S 1020 1867 _m\r
(use)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(points-of-contact)_S 64 _t\r(list)_S 64 _t\r(to)_S 64 _t\r(alert)_S 64 _t\r(management,)_S 64 _t\r(which)_S 64 _t\r(could)_S 64 _t\r(in)_S 64 _t\r(turn)_S 64 _t\r(alert)_S 64 _t\r(users.)_S 4823 893 _m\r
(20)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
/HelveticaR 580 _ff\r
7489 12220 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /HelveticaR 580 _ff\r
1380 11565 _m\r
/Helvetica-BoldR 580 _ff\r
(4.1.4)_S 64 _t\r(Use)_S 64 _t\r(of)_S 64 _t\r(an)_S 64 _t\r(Information)_S 64 _t\r(Repository)_S 1831 11189 _m\r
/Times-RomanR 580 _ff\r
(An)_S 64 _t\r(electronic)_S 64 _t\r(information)_S 64 _t\r(repository)_S 64 _t\r(offers)_S 64 _t\r(significant)_S 64 _t\r(advantages)_S 64 _t\r(in)_S 64 _t\r(that)_S 64 _t\r(it)_S 64 _t\r(can)_S 64 _t\r(be)_S 64 _t\r(used)_S 64 _t\r(to)_S 1380 10918 _m\r
(make)_S 64 _t\r(awareness)_S 64 _t\r(information)_S 64 _t\r(available)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(constituency)_S 64 _t\r(in)_S 64 _t\r(a)_S 64 _t\r(format)_S 64 _t\r(that)_S 64 _t\r(is)_S 64 _t\r(both)_S 64 _t\r(convenient)_S 64 _t\r(and)_S 1380 10647 _m\r
(efficient)_S 64 _t\r(for)_S 64 _t\r(the)_S 64 _t\r(CSIRC.)_S 128 _t\r(Users)_S 64 _t\r(are)_S 64 _t\r(able)_S 64 _t\r(to)_S 64 _t\r(peruse)_S 64 _t\r(and)_S 64 _t\r(download)_S 64 _t\r(information)_S 64 _t\r(without)_S 64 _t\r(requiring)_S 1380 10376 _m\r
(assistance)_S 64 _t\r(from)_S 64 _t\r(the)_S 64 _t\r(CSIRC,)_S 64 _t\r(enabling)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(to)_S 64 _t\r(concentrate)_S 64 _t\r(its)_S 64 _t\r(resources)_S 64 _t\r(on)_S 64 _t\r(incident)_S 64 _t\r(handling)_S 1380 10105 _m\r
(and)_S 64 _t\r(information)_S 64 _t\r(gathering.)_S 128 _t\r(An)_S 64 _t\r(information)_S 64 _t\r(repository)_S 64 _t\r(might)_S 64 _t\r(include)_S 64 _t\r(the)_S 64 _t\r(following:)_S 1831 9789 _m\r
(\267)_S 2003 9789 _m\r
(archived)_S 64 _t\r(vulnerability)_S 64 _t\r(or)_S 64 _t\r(alert)_S 64 _t\r(information;)_S 1831 9473 _m\r
(\267)_S 2003 9473 _m\r
(descriptions)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(and)_S 64 _t\r(related)_S 64 _t\r(information;)_S 1831 9157 _m\r
(\267)_S 2003 9157 _m\r
(agency)_S 64 _t\r(security)_S 64 _t\r(policies;)_S 1831 8841 _m\r
(\267)_S 2003 8841 _m\r
(procedures)_S 64 _t\r(for)_S 64 _t\r(reporting)_S 64 _t\r(suspected)_S 64 _t\r(problems)_S 64 _t\r(or)_S 64 _t\r(incidents;)_S 1831 8525 _m\r
(\267)_S 2003 8525 _m\r
(self-help)_S 64 _t\r(information,)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(how)_S 64 _t\r(to)_S 64 _t\r(use)_S 64 _t\r(access)_S 64 _t\r(controls)_S 64 _t\r(to)_S 64 _t\r(improve)_S 64 _t\r(integrity;)_S 64 _t\r(and)_S 1831 8209 _m\r
(\267)_S 2003 8209 _m\r
(information)_S 64 _t\r(about)_S 64 _t\r(current)_S 64 _t\r(threats,)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(viruses)_S 64 _t\r(or)_S 64 _t\r(software)_S 64 _t\r(vulnerabilities.)_S 1831 7667 _m\r
(If)_S 64 _t\r(the)_S 64 _t\r(constituency)_S 64 _t\r(is)_S 64 _t\r(aligned)_S 64 _t\r(along)_S 64 _t\r(a)_S 64 _t\r(network,)_S 64 _t\r(a)_S 64 _t\r(network)_S 64 _t\r(server)_S 64 _t\r(could)_S 64 _t\r(be)_S 64 _t\r(made)_S 64 _t\r(available)_S 64 _t\r(as)_S 1380 7396 _m\r
(an)_S 64 _t\r(information)_S 64 _t\r(repository.)_S 128 _t\r(Otherwise,)_S 64 _t\r(a)_S 64 _t\r(bulletin)_S 64 _t\r(board)_S 64 _t\r(system)_S 64 _t\r(\(BBS\))_S 64 _t\r(system)_S 64 _t\r(reachable)_S 64 _t\r(via)_S 64 _t\r(tele-)_S 1380 7125 _m\r
(phone)_S 64 _t\r(lines)_S 64 _t\r(may)_S 64 _t\r(work.)_S 128 _t\r(Minimally,)_S 64 _t\r(this)_S 64 _t\r(information)_S 64 _t\r(could)_S 64 _t\r(be)_S 64 _t\r(made)_S 64 _t\r(available)_S 64 _t\r(in)_S 64 _t\r(hard)_S 64 _t\r(copy,)_S 64 _t\r(al-)_S 1380 6854 _m\r
(though)_S 64 _t\r(the)_S 64 _t\r(dissemination)_S 64 _t\r(of)_S 64 _t\r(hardcopy)_S 64 _t\r(material)_S 64 _t\r(may)_S 64 _t\r(better)_S 64 _t\r(be)_S 64 _t\r(handled)_S 64 _t\r(by)_S 64 _t\r(a)_S 64 _t\r(group)_S 64 _t\r(other)_S 64 _t\r(than)_S 64 _t\r(the)_S 1380 6583 _m\r
(CSIRC.)_S /Helvetica-BoldR 700 _ff\r
1380 5953 _m\r
(4.2)_S 1831 5953 _m\r
(Logging)_S 78 _t\r(Information)_S 1831 5539 _m\r
/Times-RomanR 580 _ff\r
(A)_S 64 _t\r(CSIRC)_S 64 _t\r(needs)_S 64 _t\r(to)_S 64 _t\r(retain)_S 64 _t\r(a)_S 64 _t\r(variety)_S 64 _t\r(of)_S 64 _t\r(information)_S 64 _t\r(for)_S 64 _t\r(its)_S 64 _t\r(own)_S 64 _t\r(operational)_S 64 _t\r(use)_S 64 _t\r(and)_S 64 _t\r(for)_S 64 _t\r(con-)_S 1380 5268 _m\r
(ducting)_S 64 _t\r(reviews)_S 64 _t\r(of)_S 64 _t\r(effectiveness)_S 64 _t\r(and)_S 64 _t\r(accountability.)_S 128 _t\r(Several)_S 64 _t\r(types)_S 64 _t\r(of)_S 64 _t\r(information)_S 64 _t\r(need)_S 64 _t\r(to)_S 64 _t\r(be)_S 1380 4997 _m\r
(maintained:)_S 1831 4681 _m\r
(\267)_S 2003 4681 _m\r
(contact)_S 64 _t\r(information)_S 1831 4365 _m\r
(\267)_S 2003 4365 _m\r
(activity)_S 64 _t\r(logs)_S 1831 4049 _m\r
(\267)_S 2003 4049 _m\r
(incident)_S 64 _t\r(logs)_S /Helvetica-BoldR 580 _ff\r
1380 3454 _m\r
(4.2.1)_S 64 _t\r(Contact)_S 64 _t\r(Information)_S 1831 3078 _m\r
/Times-RomanR 580 _ff\r
(The)_S 64 _t\r(demands)_S 64 _t\r(of)_S 64 _t\r(incident)_S 64 _t\r(handling)_S 64 _t\r(necessitate)_S 64 _t\r(that)_S 64 _t\r(contact)_S 64 _t\r(information)_S 64 _t\r(be)_S 64 _t\r(maintained)_S 64 _t\r(in)_S 64 _t\r(a)_S 1380 2807 _m\r
(format)_S 64 _t\r(that)_S 64 _t\r(can)_S 64 _t\r(be)_S 64 _t\r(readily)_S 64 _t\r(accessed)_S 64 _t\r(and)_S 64 _t\r(updated.)_S 128 _t\r(A)_S 64 _t\r(contacts)_S 64 _t\r(database)_S 64 _t\r(includes)_S 64 _t\r(such)_S 64 _t\r(items)_S 64 _t\r(as)_S 1380 2536 _m\r
(vendor)_S 64 _t\r(contacts,)_S 64 _t\r(legal)_S 64 _t\r(and)_S 64 _t\r(investigative)_S 64 _t\r(contacts,)_S 64 _t\r(other)_S 64 _t\r(individuals)_S 64 _t\r(with)_S 64 _t\r(technical)_S 64 _t\r(expertise,)_S 64 _t\r(and)_S 1380 2265 _m\r
(other)_S 64 _t\r(CSIRC)_S 64 _t\r(information.)_S 128 _t\r(A)_S 64 _t\r(contacts)_S 64 _t\r(database)_S 64 _t\r(record)_S 64 _t\r(might)_S 64 _t\r(include)_S 64 _t\r(the)_S 64 _t\r(following)_S 64 _t\r(information)_S 1380 1994 _m\r
(fields:)_S 1831 1723 _m\r
(Name)_S 1831 1452 _m\r
(Title)_S 5183 893 _m\r
(21)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
1020 12223 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
1471 11578 _m\r
(Organization)_S 1471 11307 _m\r
(Address)_S 1471 11036 _m\r
(Regular)_S 64 _t\r(Phone)_S 1471 10765 _m\r
(Emergency)_S 64 _t\r(Phone)_S 1471 10494 _m\r
(E-mail)_S 64 _t\r(Address)_S 1471 10223 _m\r
(Facsimile)_S 64 _t\r(Address)_S 1471 9952 _m\r
(Comments)_S 64 _t\r(\(could)_S 64 _t\r(include)_S 64 _t\r(field)_S 64 _t\r(of)_S 64 _t\r(expertise)_S 64 _t\r(or)_S 64 _t\r(other)_S 64 _t\r(information\))_S 1471 9681 _m\r
(Alternative)_S 64 _t\r(Contact)_S 64 _t\r(\(in)_S 64 _t\r(case)_S 64 _t\r(contact)_S 64 _t\r(is)_S 64 _t\r(not)_S 64 _t\r(available\))_S /Helvetica-BoldR 580 _ff\r
1020 9131 _m\r
(4.2.2)_S 64 _t\r(Activity)_S 64 _t\r(Logs)_S 1471 8755 _m\r
/Times-RomanR 580 _ff\r
(Activity)_S 64 _t\r(logs)_S 64 _t\r(reflect)_S 64 _t\r(the)_S 64 _t\r(course)_S 64 _t\r(of)_S 64 _t\r(each)_S 64 _t\r(day.)_S 128 _t\r(It)_S 64 _t\r(is)_S 64 _t\r(not)_S 64 _t\r(necessary)_S 64 _t\r(to)_S 64 _t\r(describe)_S 64 _t\r(each)_S 64 _t\r(activity)_S 64 _t\r(in)_S 1020 8484 _m\r
(detail,)_S 64 _t\r(but)_S 64 _t\r(it)_S 64 _t\r(is)_S 64 _t\r(useful)_S 64 _t\r(to)_S 64 _t\r(keep)_S 64 _t\r(such)_S 64 _t\r(a)_S 64 _t\r(log)_S 64 _t\r(so)_S 64 _t\r(that)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(can)_S 64 _t\r(account)_S 64 _t\r(for)_S 64 _t\r(its)_S 64 _t\r(actions.)_S 128 _t\r(Noting)_S 1020 8213 _m\r
(all)_S 64 _t\r(contacts,)_S 64 _t\r(telephone)_S 64 _t\r(conversations,)_S 64 _t\r(and)_S 64 _t\r(so)_S 64 _t\r(forth)_S 64 _t\r(ultimately)_S 64 _t\r(saves)_S 64 _t\r(time)_S 64 _t\r(by)_S 64 _t\r(enabling)_S 64 _t\r(one)_S 64 _t\r(to)_S 64 _t\r(retain)_S 1020 7942 _m\r
(information)_S 64 _t\r(that)_S 64 _t\r(may)_S 64 _t\r(prove)_S 64 _t\r(useful)_S 64 _t\r(later.)_S 128 _t\r(Security)_S 64 _t\r(incidents)_S 64 _t\r(or)_S 64 _t\r(other)_S 64 _t\r(events)_S 64 _t\r(that)_S 64 _t\r(are)_S 64 _t\r(seemingly)_S 1020 7671 _m\r
(unrelated)_S 64 _t\r(may,)_S 64 _t\r(through)_S 64 _t\r(examining)_S 64 _t\r(activity)_S 64 _t\r(logs,)_S 64 _t\r(prove)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(related)_S 64 _t\r(or)_S 64 _t\r(otherwise)_S 64 _t\r(more)_S 64 _t\r(important.)_S 64 _t\r1020 7400 _m\r
(While)_S 64 _t\r(it)_S 64 _t\r(is)_S 64 _t\r(possible)_S 64 _t\r(to)_S 64 _t\r(maintain)_S 64 _t\r(activity)_S 64 _t\r(logs)_S 64 _t\r(on-line,)_S 64 _t\r(a)_S 64 _t\r(simple)_S 64 _t\r(notebook)_S 64 _t\r(is)_S 64 _t\r(convenient)_S 64 _t\r(and)_S 64 _t\r(flexi-)_S 1020 7129 _m\r
(ble.)_S /Helvetica-BoldR 580 _ff\r
1020 6579 _m\r
(4.2.3)_S 64 _t\r(Incident)_S 64 _t\r(Logs)_S 1471 6203 _m\r
/Times-RomanR 580 _ff\r
(Incident)_S 64 _t\r(logs)_S 64 _t\r(are)_S 64 _t\r(generated)_S 64 _t\r(during)_S 64 _t\r(the)_S 64 _t\r(course)_S 64 _t\r(of)_S 64 _t\r(handling)_S 64 _t\r(an)_S 64 _t\r(incident.)_S 128 _t\r(While)_S 64 _t\r(physically)_S 1020 5932 _m\r
(similar)_S 64 _t\r(to)_S 64 _t\r(activity)_S 64 _t\r(logs,)_S 64 _t\r(they)_S 64 _t\r(are)_S 64 _t\r(dedicated)_S 64 _t\r(to)_S 64 _t\r(incident)_S 64 _t\r(response)_S 64 _t\r(and)_S 64 _t\r(merit)_S 64 _t\r(more)_S 64 _t\r(detail.)_S 128 _t\r(Incident)_S 1020 5661 _m\r
(logs)_S 64 _t\r(are)_S 64 _t\r(important)_S 64 _t\r(for)_S 64 _t\r(accurate)_S 64 _t\r(recording)_S 64 _t\r(of)_S 64 _t\r(events)_S 64 _t\r(that)_S 64 _t\r(may)_S 64 _t\r(need)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(relayed)_S 64 _t\r(to)_S 64 _t\r(others)_S 64 _t\r(-)_S 64 _t\r(if)_S 64 _t\r(little)_S 1020 5390 _m\r
(or)_S 64 _t\r(no)_S 64 _t\r(information)_S 64 _t\r(is)_S 64 _t\r(logged,)_S 64 _t\r(the)_S 64 _t\r(source)_S 64 _t\r(of)_S 64 _t\r(information)_S 64 _t\r(needs)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(contacted)_S 64 _t\r(repeatedly,)_S 64 _t\r(wasting)_S 1020 5119 _m\r
(valuable)_S 64 _t\r(time.)_S 128 _t\r(Information)_S 64 _t\r(in)_S 64 _t\r(incident)_S 64 _t\r(logs)_S 64 _t\r(is)_S 64 _t\r(helpful)_S 64 _t\r(for)_S 64 _t\r(establishing)_S 64 _t\r(new)_S 64 _t\r(contacts,)_S 64 _t\r(piecing)_S 1020 4848 _m\r
(together)_S 64 _t\r(the)_S 64 _t\r(cause,)_S 64 _t\r(course,)_S 64 _t\r(and)_S 64 _t\r(extent)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(incident,)_S 64 _t\r(and)_S 64 _t\r(for)_S 64 _t\r(post-incident)_S 64 _t\r(analysis)_S 64 _t\r(and)_S 64 _t\r(final)_S 1020 4577 _m\r
(assessment)_S 64 _t\r(of)_S 64 _t\r(damage.)_S 128 _t\r(Additionally,)_S 64 _t\r(if)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(will)_S 64 _t\r(be)_S 64 _t\r(involved)_S 64 _t\r(in)_S 64 _t\r(potential)_S 64 _t\r(prosecutions,)_S 64 _t\r(the)_S 1020 4306 _m\r
(information)_S 64 _t\r(might)_S 64 _t\r(also)_S 64 _t\r(be)_S 64 _t\r(used)_S 64 _t\r(as)_S 64 _t\r(evidence.)_S 128 _t\r(An)_S 64 _t\r(incident)_S 64 _t\r(log)_S 64 _t\r(should)_S 64 _t\r(minimally)_S 64 _t\r(contain)_S 64 _t\r(the)_S 64 _t\r(fol-)_S 1020 4035 _m\r
(lowing)_S 64 _t\r(information:)_S 1471 3719 _m\r
(\267)_S 1643 3719 _m\r
(all)_S 64 _t\r(actions)_S 64 _t\r(taken,)_S 64 _t\r(with)_S 64 _t\r(times)_S 64 _t\r(noted;)_S 1471 3403 _m\r
(\267)_S 1643 3403 _m\r
(all)_S 64 _t\r(conversations,)_S 64 _t\r(including)_S 64 _t\r(the)_S 64 _t\r(person\(s\))_S 64 _t\r(involved,)_S 64 _t\r(the)_S 64 _t\r(date)_S 64 _t\r(and)_S 64 _t\r(time,)_S 64 _t\r(and)_S 64 _t\r(a)_S 64 _t\r(summary;)_S 1643 3200 _m\r
(and)_S 1471 2884 _m\r
(\267)_S 1643 2884 _m\r
(all)_S 64 _t\r(system)_S 64 _t\r(events)_S 64 _t\r(and)_S 64 _t\r(other)_S 64 _t\r(pertinent)_S 64 _t\r(information)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(audit)_S 64 _t\r(logs.)_S 1471 2342 _m\r
(It)_S 64 _t\r(is)_S 64 _t\r(practical)_S 64 _t\r(to)_S 64 _t\r(maintain)_S 64 _t\r(an)_S 64 _t\r(incident)_S 64 _t\r(log)_S 64 _t\r(in)_S 64 _t\r(a)_S 64 _t\r(notebook)_S 64 _t\r(along)_S 64 _t\r(with)_S 64 _t\r(the)_S 64 _t\r(activity)_S 64 _t\r(log.)_S 128 _t\r(It)_S 64 _t\r(may)_S 1020 2071 _m\r
(be)_S 64 _t\r(difficult)_S 64 _t\r(to)_S 64 _t\r(pinpoint)_S 64 _t\r(when)_S 64 _t\r(an)_S 64 _t\r(incident)_S 64 _t\r(first)_S 64 _t\r(began)_S 64 _t\r(or)_S 64 _t\r(when)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(first)_S 64 _t\r(became)_S 64 _t\r(aware)_S 64 _t\r(of)_S 64 _t\r(it,)_S 1020 1800 _m\r
(thus)_S 64 _t\r(the)_S 64 _t\r(log)_S 64 _t\r(of)_S 64 _t\r(an)_S 64 _t\r(incident)_S 64 _t\r(may)_S 64 _t\r(become)_S 64 _t\r(intertwined)_S 64 _t\r(with)_S 64 _t\r(the)_S 64 _t\r(activity)_S 64 _t\r(log.)_S /Helvetica-BoldR 580 _ff\r
4823 893 _m\r
/Times-RomanR 580 _ff\r
(22)_S /HelveticaR 580 _ff\r
_ep\r
_bp /HelveticaR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
7489 12220 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /HelveticaR 580 _ff\r
1380 11565 _m\r
/Helvetica-BoldR 580 _ff\r
(4.2.4)_S 64 _t\r(Information)_S 64 _t\r(Maintenance)_S 1831 11189 _m\r
/Times-RomanR 580 _ff\r
(Maintain)_S 64 _t\r(all)_S 64 _t\r(contact)_S 64 _t\r(and)_S 64 _t\r(other)_S 64 _t\r(information)_S 64 _t\r(in)_S 64 _t\r(a)_S 64 _t\r(tightly)_S 64 _t\r(controlled)_S 64 _t\r(area.)_S 128 _t\r(Notebooks)_S 64 _t\r(need)_S 64 _t\r(to)_S 1380 10918 _m\r
(be)_S 64 _t\r(stored)_S 64 _t\r(in)_S 64 _t\r(locked,)_S 64 _t\r(fireproof)_S 64 _t\r(areas.)_S 128 _t\r(All)_S 64 _t\r(information)_S 64 _t\r(maintained)_S 64 _t\r(on-line)_S 64 _t\r(needs)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(backed)_S 64 _t\r(up)_S 1380 10647 _m\r
(daily)_S 64 _t\r(and)_S 64 _t\r(secured)_S 64 _t\r(from)_S 64 _t\r(unauthorized)_S 64 _t\r(access.)_S 128 _t\r(Store)_S 64 _t\r(the)_S 64 _t\r(information)_S 64 _t\r(on)_S 64 _t\r(a)_S 64 _t\r(system)_S 64 _t\r(that)_S 64 _t\r(is)_S 64 _t\r(inacces-)_S 1380 10376 _m\r
(sible)_S 64 _t\r(to)_S 64 _t\r(non-CSIRC)_S 64 _t\r(members,)_S 64 _t\r(i.e.,)_S 64 _t\r(a)_S 64 _t\r(system)_S 64 _t\r(not)_S 64 _t\r(connected)_S 64 _t\r(to)_S 64 _t\r(an)_S 64 _t\r(agency-wide)_S 64 _t\r(network.)_S /Helvetica-BoldR 700 _ff\r
1380 9746 _m\r
(4.3)_S 1831 9746 _m\r
(Incident)_S 78 _t\r(Notification)_S 78 _t\r(Issues)_S 1831 9332 _m\r
/Times-RomanR 580 _ff\r
(When)_S 64 _t\r(first)_S 64 _t\r(notified)_S 64 _t\r(of)_S 64 _t\r(an)_S 64 _t\r(incident,)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(follows)_S 64 _t\r(an)_S 64 _t\r(established)_S 64 _t\r(set)_S 64 _t\r(of)_S 64 _t\r(procedures)_S 64 _t\r(to)_S 1380 9061 _m\r
(verify)_S 64 _t\r(the)_S 64 _t\r(actual)_S 64 _t\r(existence)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(incident)_S 64 _t\r(and)_S 64 _t\r(to)_S 64 _t\r(notify)_S 64 _t\r(appropriate)_S 64 _t\r(contacts)_S 64 _t\r(within)_S 64 _t\r(the)_S 64 _t\r(agency)_S 64 _t\r(as)_S 1380 8790 _m\r
(well)_S 64 _t\r(as)_S 64 _t\r(others)_S 64 _t\r(affected)_S 64 _t\r(by)_S 64 _t\r(the)_S 64 _t\r(incident.)_S 128 _t\r(If)_S 64 _t\r(these)_S 64 _t\r(procedures)_S 64 _t\r(are)_S 64 _t\r(not)_S 64 _t\r(established)_S 64 _t\r(beforehand,)_S 64 _t\r(em-)_S 1380 8519 _m\r
(barrassing)_S 64 _t\r(and)_S 64 _t\r(potentially)_S 64 _t\r(damaging)_S 64 _t\r(situations)_S 64 _t\r(could)_S 64 _t\r(arise)_S 64 _t\r(that)_S 64 _t\r(may)_S 64 _t\r(damage)_S 64 _t\r(the)_S 64 _t\r(agency's)_S 64 _t\r(reputa-)_S 1380 8248 _m\r
(tion)_S 64 _t\r(and)_S 64 _t\r(expose)_S 64 _t\r(it)_S 64 _t\r(to)_S 64 _t\r(legal)_S 64 _t\r(problems)_S 64 _t\r/Times-RomanR 450 _ff\r
([STEWART89])_S /Times-RomanR 580 _ff\r
(.)_S /Helvetica-BoldR 580 _ff\r
1380 7698 _m\r
(4.3.1)_S 64 _t\r(Identifying)_S 64 _t\r(the)_S 64 _t\r(Existence)_S 64 _t\r(of)_S 64 _t\r(an)_S 64 _t\r(Incident)_S 64 _t\r(and)_S 64 _t\r(its)_S 64 _t\r(Scope)_S 1831 7322 _m\r
/Times-RomanR 580 _ff\r
(Upon)_S 64 _t\r(learning)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(possible)_S 64 _t\r(incident,)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(needs)_S 64 _t\r(to)_S 64 _t\r(take)_S 64 _t\r(steps)_S 64 _t\r(to)_S 64 _t\r(verify)_S 64 _t\r(that)_S 64 _t\r(the)_S 64 _t\r(inci-)_S 1380 7051 _m\r
(dent)_S 64 _t\r(actually)_S 64 _t\r(does)_S 64 _t\r(exist.)_S 128 _t\r(If)_S 64 _t\r(the)_S 64 _t\r(source)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(incident)_S 64 _t\r(information)_S 64 _t\r(is)_S 64 _t\r(unfamiliar)_S 64 _t\r(or)_S 64 _t\r(not)_S 64 _t\r(trusted,)_S 1380 6780 _m\r
(verify)_S 64 _t\r(the)_S 64 _t\r(source,)_S 64 _t\r(especially)_S 64 _t\r(if)_S 64 _t\r(the)_S 64 _t\r(source)_S 64 _t\r(has)_S 64 _t\r(identified)_S 64 _t\r(themselves)_S 64 _t\r(as)_S 64 _t\r(a)_S 64 _t\r(representative)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(legal)_S 1380 6509 _m\r
(or)_S 64 _t\r(investigative)_S 64 _t\r(agency.)_S 128 _t\r(Verify)_S 64 _t\r(the)_S 64 _t\r(incident,)_S 64 _t\r(firsthand)_S 64 _t\r(if)_S 64 _t\r(possible,)_S 64 _t\r(to)_S 64 _t\r(ensure)_S 64 _t\r(that)_S 64 _t\r(the)_S 64 _t\r(incident)_S 64 _t\r(is)_S 1380 6238 _m\r
(not)_S 64 _t\r(a)_S 64 _t\r(harmless)_S 64 _t\r(misunderstanding)_S 64 _t\r(or)_S 64 _t\r(even)_S 64 _t\r(a)_S 64 _t\r(hoax.)_S 128 _t\r(The)_S 64 _t\r(CSIRC)_S 64 _t\r(should)_S 64 _t\r(be)_S 64 _t\r(aware)_S 64 _t\r(of)_S 64 _t\r(false)_S 64 _t\r(alarms)_S 1380 5967 _m\r
(and)_S 64 _t\r(other)_S 64 _t\r(activity)_S 64 _t\r(that)_S 64 _t\r(may)_S 64 _t\r(only)_S 64 _t\r(resemble)_S 64 _t\r(something)_S 64 _t\r(more)_S 64 _t\r(serious.)_S 1831 5425 _m\r
(Once)_S 64 _t\r(the)_S 64 _t\r(incident)_S 64 _t\r(is)_S 64 _t\r(verified,)_S 64 _t\r(determine)_S 64 _t\r(its)_S 64 _t\r(scope.)_S 128 _t\r(While)_S 64 _t\r(the)_S 64 _t\r(real)_S 64 _t\r(scope)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(incident)_S 64 _t\r(may)_S 1380 5154 _m\r
(not)_S 64 _t\r(be)_S 64 _t\r(apparent)_S 64 _t\r(at)_S 64 _t\r(this)_S 64 _t\r(stage,)_S 64 _t\r(knowing)_S 64 _t\r(whether)_S 64 _t\r(it)_S 64 _t\r(affects)_S 64 _t\r(other)_S 64 _t\r(agencies)_S 64 _t\r(or)_S 64 _t\r(organizations)_S 64 _t\r(will)_S 1380 4883 _m\r
(determine)_S 64 _t\r(who)_S 64 _t\r(should)_S 64 _t\r(be)_S 64 _t\r(notified)_S 64 _t\r(and)_S 64 _t\r(whether)_S 64 _t\r(investigative)_S 64 _t\r(agencies)_S 64 _t\r(should)_S 64 _t\r(be)_S 64 _t\r(contacted.)_S /Helvetica-BoldR 580 _ff\r
1380 4333 _m\r
(4.3.2)_S 64 _t\r(Notifying)_S 64 _t\r(Appropriate)_S 64 _t\r(Agency)_S 64 _t\r(Personnel)_S 1831 3957 _m\r
/Times-RomanR 580 _ff\r
(After)_S 64 _t\r(the)_S 64 _t\r(incident)_S 64 _t\r(has)_S 64 _t\r(been)_S 64 _t\r(confirmed,)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(may)_S 64 _t\r(be)_S 64 _t\r(required)_S 64 _t\r(to)_S 64 _t\r(notify)_S 64 _t\r(a)_S 64 _t\r(predeter-)_S 1380 3686 _m\r
(mined)_S 64 _t\r(list)_S 64 _t\r(of)_S 64 _t\r(agency)_S 64 _t\r(personnel.)_S 128 _t\r(Create)_S 64 _t\r(this)_S 64 _t\r(list)_S 64 _t\r(before)_S 64 _t\r(incident)_S 64 _t\r(handling)_S 64 _t\r(occurs)_S 64 _t\r(to)_S 64 _t\r(avoid)_S 64 _t\r(confu-)_S 1380 3415 _m\r
(sion)_S 64 _t\r(and)_S 64 _t\r(prevent)_S 64 _t\r(situations)_S 64 _t\r(where)_S 64 _t\r(agency)_S 64 _t\r(officials)_S 64 _t\r(learn)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(incident)_S 64 _t\r(via)_S 64 _t\r(third)_S 64 _t\r(parties.)_S 128 _t\r(While)_S 1380 3144 _m\r
(each)_S 64 _t\r(agency)_S 64 _t\r(has)_S 64 _t\r(its)_S 64 _t\r(own)_S 64 _t\r(notification)_S 64 _t\r(requirements,)_S 64 _t\r(a)_S 64 _t\r(typical)_S 64 _t\r(list)_S 64 _t\r(might)_S 64 _t\r(include)_S 64 _t\r(the)_S 64 _t\r(following:)_S 1831 2828 _m\r
(\267)_S 2003 2828 _m\r
(agency)_S 64 _t\r(directors)_S 1831 2512 _m\r
(\267)_S 2003 2512 _m\r
(computer)_S 64 _t\r(security)_S 64 _t\r(personnel)_S 1831 2196 _m\r
(\267)_S 2003 2196 _m\r
(network)_S 64 _t\r(managers)_S 64 _t\r(as)_S 64 _t\r(appropriate)_S 1831 1880 _m\r
(\267)_S 2003 1880 _m\r
(data)_S 64 _t\r(processing)_S 64 _t\r(sites)_S 64 _t\r(as)_S 64 _t\r(appropriate)_S 1831 1564 _m\r
(\267)_S 2003 1564 _m\r
(legal)_S 64 _t\r(advisor)_S 5183 893 _m\r
(23)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
1020 12223 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
1471 11578 _m\r
(\267)_S 1643 11578 _m\r
(public)_S 64 _t\r(affairs)_S 64 _t\r(office)_S 1471 11262 _m\r
(\267)_S 1643 11262 _m\r
(local)_S 64 _t\r(or)_S 64 _t\r(state)_S 64 _t\r(police)_S 1471 10946 _m\r
(\267)_S 1643 10946 _m\r
(contacts)_S 64 _t\r(in)_S 64 _t\r(investigative)_S 64 _t\r(agencies)_S /Helvetica-BoldR 580 _ff\r
1020 10351 _m\r
(4.3.3)_S 64 _t\r(Notifying)_S 64 _t\r(Affected)_S 64 _t\r(Users)_S 1471 9975 _m\r
/Times-RomanR 580 _ff\r
(If)_S 64 _t\r(the)_S 64 _t\r(incident)_S 64 _t\r(affects)_S 64 _t\r(other)_S 64 _t\r(users,)_S 64 _t\r(they)_S 64 _t\r(may)_S 64 _t\r(need)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(notified)_S 64 _t\r(so)_S 64 _t\r(as)_S 64 _t\r(to)_S 64 _t\r(take)_S 64 _t\r(appropriate)_S 1020 9704 _m\r
(action.)_S 128 _t\r(For)_S 64 _t\r(example,)_S 64 _t\r(if)_S 64 _t\r(an)_S 64 _t\r(intruder)_S 64 _t\r(is)_S 64 _t\r(using)_S 64 _t\r(a)_S 64 _t\r(system)_S 64 _t\r(to)_S 64 _t\r(break)_S 64 _t\r(into)_S 64 _t\r(other)_S 64 _t\r(systems,)_S 64 _t\r(the)_S 64 _t\r(system's)_S 1020 9433 _m\r
(administrator)_S 64 _t\r(needs)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(contacted)_S 64 _t\r(so)_S 64 _t\r(that)_S 64 _t\r(the)_S 64 _t\r(intruder's)_S 64 _t\r(access)_S 64 _t\r(can)_S 64 _t\r(be)_S 64 _t\r(closed)_S 64 _t\r(or)_S 64 _t\r(their)_S 64 _t\r(actions)_S 1020 9162 _m\r
(monitored.)_S 128 _t\r(When)_S 64 _t\r(apprising)_S 64 _t\r(users)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(existence)_S 64 _t\r(of)_S 64 _t\r(an)_S 64 _t\r(incident,)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(should)_S 64 _t\r(make)_S 64 _t\r(every)_S 1020 8891 _m\r
(attempt)_S 64 _t\r(to)_S 64 _t\r(provide)_S 64 _t\r(clear)_S 64 _t\r(and)_S 64 _t\r(concise)_S 64 _t\r(information,)_S 64 _t\r(as)_S 64 _t\r(those)_S 64 _t\r(users)_S 64 _t\r(may)_S 64 _t\r(need)_S 64 _t\r(to)_S 64 _t\r(inform)_S 64 _t\r(their)_S 64 _t\r(respec-)_S 1020 8620 _m\r
(tive)_S 64 _t\r(organizations.)_S 128 _t\r(The)_S 64 _t\r(CSIRC)_S 64 _t\r(should)_S 64 _t\r(avoid)_S 64 _t\r(any)_S 64 _t\r(appearance)_S 64 _t\r(of)_S 64 _t\r(being)_S 64 _t\r(an)_S 64 _t\r(enforcement)_S 64 _t\r(activity)_S 1020 8349 _m\r
(and)_S 64 _t\r(should)_S 64 _t\r(be)_S 64 _t\r(aware)_S 64 _t\r(that)_S 64 _t\r(affected)_S 64 _t\r(users)_S 64 _t\r(may)_S 64 _t\r(not)_S 64 _t\r(take)_S 64 _t\r(the)_S 64 _t\r(news)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(incident)_S 64 _t\r(in)_S 64 _t\r(a)_S 64 _t\r(positive)_S 64 _t\r(man-)_S 1020 8078 _m\r
(ner.)_S 128 _t\r(Good)_S 64 _t\r(communication)_S 64 _t\r(skills)_S 64 _t\r(and)_S 64 _t\r(the)_S 64 _t\r(ability)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(adaptive)_S 64 _t\r(to)_S 64 _t\r(different)_S 64 _t\r(users)_S 64 _t\r(and)_S 64 _t\r(their)_S 64 _t\r(respec-)_S 1020 7807 _m\r
(tive)_S 64 _t\r(levels)_S 64 _t\r(of)_S 64 _t\r(technical)_S 64 _t\r(experience)_S 64 _t\r(are)_S 64 _t\r(all)_S 64 _t\r(the)_S 64 _t\r(more)_S 64 _t\r(important.)_S /Helvetica-BoldR 580 _ff\r
1020 7257 _m\r
(4.3.4)_S 64 _t\r(Requests)_S 64 _t\r(for)_S 64 _t\r(Confidentiality)_S 1471 6881 _m\r
/Times-RomanR 580 _ff\r
(During)_S 64 _t\r(the)_S 64 _t\r(course)_S 64 _t\r(of)_S 64 _t\r(incident)_S 64 _t\r(handling,)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(may)_S 64 _t\r(find)_S 64 _t\r(that)_S 64 _t\r(some)_S 64 _t\r(individuals)_S 64 _t\r(wish)_S 64 _t\r(to)_S 1020 6610 _m\r
(remain)_S 64 _t\r(anonymous,)_S 64 _t\r(i.e.,)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(may)_S 64 _t\r(be)_S 64 _t\r(requested)_S 64 _t\r(to)_S 64 _t\r(keep)_S 64 _t\r(its)_S 64 _t\r(source)_S 64 _t\r(of)_S 64 _t\r(incident)_S 64 _t\r(information)_S 1020 6339 _m\r
(confidential.)_S 128 _t\r(This)_S 64 _t\r(presents)_S 64 _t\r(a)_S 64 _t\r(dilemma)_S 64 _t\r(if)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(is)_S 64 _t\r(obligated)_S 64 _t\r(to)_S 64 _t\r(report)_S 64 _t\r(source)_S 64 _t\r(of)_S 64 _t\r(information:)_S 1020 6068 _m\r
(if)_S 64 _t\r(the)_S 64 _t\r(party)_S 64 _t\r(is)_S 64 _t\r(not)_S 64 _t\r(granted)_S 64 _t\r(anonymity,)_S 64 _t\r(the)_S 64 _t\r(party)_S 64 _t\r(may)_S 64 _t\r(refuse)_S 64 _t\r(to)_S 64 _t\r(cooperate)_S 64 _t\r(further)_S 64 _t\r(or)_S 64 _t\r(may)_S 64 _t\r(turn)_S 64 _t\r(to)_S 1020 5797 _m\r
(another)_S 64 _t\r(CSIR)_S 64 _t\r(effort)_S 64 _t\r(that)_S 64 _t\r(respects)_S 64 _t\r(the)_S 64 _t\r(party's)_S 64 _t\r(wishes.)_S 1471 5255 _m\r
(The)_S 64 _t\r(central)_S 64 _t\r(issue)_S 64 _t\r(is)_S 64 _t\r(that)_S 64 _t\r(if)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(takes)_S 64 _t\r(on)_S 64 _t\r(the)_S 64 _t\r(appearance)_S 64 _t\r(of)_S 64 _t\r(an)_S 64 _t\r(enforcement)_S 64 _t\r(aspect)_S 64 _t\r(and)_S 1020 4984 _m\r
(does)_S 64 _t\r(not)_S 64 _t\r(respect)_S 64 _t\r(requests)_S 64 _t\r(for)_S 64 _t\r(confidentiality,)_S 64 _t\r(incidents)_S 64 _t\r(may)_S 64 _t\r(not)_S 64 _t\r(be)_S 64 _t\r(reported)_S 64 _t\r(because)_S 64 _t\r(the)_S 64 _t\r(affected)_S 1020 4713 _m\r
(parties)_S 64 _t\r(may)_S 64 _t\r(not)_S 64 _t\r(want)_S 64 _t\r(to)_S 64 _t\r(risk)_S 64 _t\r(exposure,)_S 64 _t\r(embarrassment,)_S 64 _t\r(or)_S 64 _t\r(penalty.)_S 128 _t\r(If)_S 64 _t\r(the)_S 64 _t\r(parties)_S 64 _t\r(turn)_S 64 _t\r(to)_S 64 _t\r(other)_S 1020 4442 _m\r
(CSIR)_S 64 _t\r(efforts,)_S 64 _t\r(it)_S 64 _t\r(may)_S 64 _t\r(present)_S 64 _t\r(dilemmas)_S 64 _t\r(for)_S 64 _t\r(those)_S 64 _t\r(efforts,)_S 64 _t\r(since)_S 64 _t\r(they)_S 64 _t\r(may)_S 64 _t\r(not)_S 64 _t\r(wish)_S 64 _t\r(to)_S 64 _t\r(overstep)_S 64 _t\r(their)_S 1020 4171 _m\r
(boundaries)_S 64 _t\r(of)_S 64 _t\r(involvement.)_S 1471 3629 _m\r
(If)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(is)_S 64 _t\r(to)_S 64 _t\r(respect)_S 64 _t\r(requests)_S 64 _t\r(for)_S 64 _t\r(confidentiality,)_S 64 _t\r(CSIRC)_S 64 _t\r(staff)_S 64 _t\r(members)_S 64 _t\r(should)_S 64 _t\r(advise)_S 1020 3358 _m\r
(affected)_S 64 _t\r(parties)_S 64 _t\r(that)_S 64 _t\r(they)_S 64 _t\r(may)_S 64 _t\r(still)_S 64 _t\r(be)_S 64 _t\r(under)_S 64 _t\r(other)_S 64 _t\r(obligations)_S 64 _t\r(for)_S 64 _t\r(reporting)_S 64 _t\r(the)_S 64 _t\r(incident)_S 64 _t\r(informa-)_S 1020 3087 _m\r
(tion,)_S 64 _t\r(i.e.,)_S 64 _t\r(the)_S 64 _t\r(CSIRC's)_S 64 _t\r(decision)_S 64 _t\r(not)_S 64 _t\r(to)_S 64 _t\r(report)_S 64 _t\r(a)_S 64 _t\r(source)_S 64 _t\r(does)_S 64 _t\r(not)_S 64 _t\r(remove)_S 64 _t\r(any)_S 64 _t\r(other)_S 64 _t\r(obligations)_S 64 _t\r(for)_S 1020 2816 _m\r
(reporting.)_S 128 _t\r(Making)_S 64 _t\r(this)_S 64 _t\r(clear)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(party)_S 64 _t\r(is)_S 64 _t\r(important)_S 64 _t\r(from)_S 64 _t\r(a)_S 64 _t\r(legal)_S 64 _t\r(standpoint)_S 64 _t\r(and)_S 64 _t\r(may)_S 64 _t\r(encourage)_S 1020 2545 _m\r
(the)_S 64 _t\r(party)_S 64 _t\r(to)_S 64 _t\r(fulfill)_S 64 _t\r(its)_S 64 _t\r(obligations.)_S 4823 893 _m\r
(24)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
/HelveticaR 700 _ff\r
7489 12220 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /HelveticaR 700 _ff\r
1380 11534 _m\r
/Helvetica-BoldR 700 _ff\r
(4.4)_S 1831 11534 _m\r
(Legal)_S 78 _t\r(Issues)_S 1831 11120 _m\r
/Times-RomanR 580 _ff\r
(There)_S 64 _t\r(are)_S 64 _t\r(a)_S 64 _t\r(number)_S 64 _t\r(of)_S 64 _t\r(legal)_S 64 _t\r(issues)_S 64 _t\r(in)_S 64 _t\r(operating)_S 64 _t\r(a)_S 64 _t\r(CSIRC.)_S 128 _t\r(Some)_S 64 _t\r(of)_S 64 _t\r(these)_S 64 _t\r(issues)_S 64 _t\r(have)_S 64 _t\r(al-)_S 1380 10849 _m\r
(ready)_S 64 _t\r(been)_S 64 _t\r(covered:)_S 64 _t\r(Chapter)_S 64 _t\r(3)_S 64 _t\r(discussed)_S 64 _t\r(appropriate)_S 64 _t\r(language)_S 64 _t\r(in)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(charter)_S 64 _t\r(to)_S 64 _t\r(reduce)_S 1380 10578 _m\r
(legal)_S 64 _t\r(exposure)_S 64 _t\r(by)_S 64 _t\r(defining)_S 64 _t\r(the)_S 64 _t\r(CSIRC's)_S 64 _t\r(expressed)_S 64 _t\r(purpose)_S 64 _t\r(and)_S 64 _t\r(boundaries)_S 64 _t\r(of)_S 64 _t\r(involvement.)_S 128 _t\r(The)_S 1380 10307 _m\r
(guidance)_S 64 _t\r(given)_S 64 _t\r(here)_S 64 _t\r(is)_S 64 _t\r(not)_S 64 _t\r(authoritative;)_S 64 _t\r(always)_S 64 _t\r(consult)_S 64 _t\r(appropriate)_S 64 _t\r(agency)_S 64 _t\r(legal)_S 64 _t\r(advisors.)_S /Helvetica-BoldR 580 _ff\r
1380 9757 _m\r
(4.4.1)_S 64 _t\r(Working)_S 64 _t\r(With)_S 64 _t\r(Law-Enforcement)_S 64 _t\r(and)_S 64 _t\r(Investigative)_S 64 _t\r(Agencies)_S 1831 9381 _m\r
/Times-RomanR 580 _ff\r
(A)_S 64 _t\r(CSIRC)_S 64 _t\r(needs)_S 64 _t\r(to)_S 64 _t\r(make)_S 64 _t\r(contacts)_S 64 _t\r(within)_S 64 _t\r(the)_S 64 _t\r(local)_S 64 _t\r(and)_S 64 _t\r(state)_S 64 _t\r(law-enforcement)_S 64 _t\r(groups)_S 64 _t\r(and)_S 1380 9110 _m\r
(within)_S 64 _t\r(the)_S 64 _t\r(investigative)_S 64 _t\r(agencies,)_S 64 _t\r(most)_S 64 _t\r(importantly)_S 64 _t\r(the)_S 64 _t\r(FBI)_S 64 _t\r(and)_S 64 _t\r(the)_S 64 _t\r(Secret)_S 64 _t\r(Service,)_S 64 _t\r(before)_S 64 _t\r(assum-)_S 1380 8839 _m\r
(ing)_S 64 _t\r(an)_S 64 _t\r(incident)_S 64 _t\r(response)_S 64 _t\r(role.)_S 128 _t\r(There)_S 64 _t\r(are)_S 64 _t\r(many)_S 64 _t\r(reasons)_S 64 _t\r(for)_S 64 _t\r(establishing)_S 64 _t\r(these)_S 64 _t\r(contacts)_S 64 _t\r(at)_S 64 _t\r(the)_S 64 _t\r(out-)_S 1380 8568 _m\r
(set,)_S 64 _t\r(most)_S 64 _t\r(importantly)_S 64 _t\r(because)_S 64 _t\r(the)_S 64 _t\r(handling)_S 64 _t\r(of)_S 64 _t\r(an)_S 64 _t\r(incident)_S 64 _t\r(does)_S 64 _t\r(not)_S 64 _t\r(leave)_S 64 _t\r(time)_S 64 _t\r(to)_S 64 _t\r(establish)_S 64 _t\r(the)_S 1380 8297 _m\r
(correct)_S 64 _t\r(contacts.)_S 128 _t\r(If)_S 64 _t\r(an)_S 64 _t\r(incident)_S 64 _t\r(involving)_S 64 _t\r(criminal)_S 64 _t\r(conduct)_S 64 _t\r(is)_S 64 _t\r(mishandled,)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(could)_S 64 _t\r(con-)_S 1380 8026 _m\r
(ceivably)_S 64 _t\r(cause)_S 64 _t\r(its)_S 64 _t\r(agency)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(legally)_S 64 _t\r(liable.)_S 1831 7484 _m\r
(Issues)_S 64 _t\r(to)_S 64 _t\r(resolve)_S 64 _t\r(with)_S 64 _t\r(law-enforcement)_S 64 _t\r(and)_S 64 _t\r(investigative)_S 64 _t\r(agencies)_S 64 _t\r(include)_S 64 _t\r(differences)_S 64 _t\r(be-)_S 1380 7213 _m\r
(tween)_S 64 _t\r(state)_S 64 _t\r(and)_S 64 _t\r(federal)_S 64 _t\r(law)_S 64 _t\r(that)_S 64 _t\r(affect)_S 64 _t\r(computer)_S 64 _t\r(security,)_S 64 _t\r(gathering)_S 64 _t\r(evidence,)_S 64 _t\r(monitoring)_S 64 _t\r(issues,)_S 1380 6942 _m\r
(and)_S 64 _t\r(which)_S 64 _t\r(agencies)_S 64 _t\r(will)_S 64 _t\r(assume)_S 64 _t\r(jurisdiction)_S 64 _t\r(in)_S 64 _t\r(an)_S 64 _t\r(incident.)_S /Helvetica-BoldR 580 _ff\r
1380 6392 _m\r
(4.4.2)_S 64 _t\r(Incurred)_S 64 _t\r(Liabilities)_S 1831 6016 _m\r
/Times-RomanR 580 _ff\r
(A)_S 64 _t\r(CSIRC)_S 64 _t\r(may)_S 64 _t\r(face)_S 64 _t\r(a)_S 64 _t\r(legal)_S 64 _t\r(obligation)_S 64 _t\r(of)_S 64 _t\r(performing)_S 64 _t\r(its)_S 64 _t\r(duties)_S 64 _t\r(with)_S 64 _t\r(reasonable)_S 64 _t\r(care)_S 64 _t\r(in)_S 64 _t\r(the)_S 1380 5745 _m\r
(investigation)_S 64 _t\r(and)_S 64 _t\r(reporting)_S 64 _t\r(of)_S 64 _t\r(software)_S 64 _t\r(defects)_S 64 _t\r(and)_S 64 _t\r(vulnerabilities.)_S 128 _t\r(If)_S 64 _t\r(the)_S 64 _t\r(CSIRC's)_S 64 _t\r(Charter)_S 64 _t\r(states)_S 1380 5474 _m\r
(that)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(will)_S 64 _t\r(accept)_S 64 _t\r(and)_S 64 _t\r(investigate)_S 64 _t\r(reports)_S 64 _t\r(of)_S 64 _t\r(software)_S 64 _t\r(defects)_S 64 _t\r(or)_S 64 _t\r(vulnerabilities,)_S 64 _t\r(the)_S 1380 5203 _m\r
(CSIRC)_S 64 _t\r(must)_S 64 _t\r(make)_S 64 _t\r(itself)_S 64 _t\r(reasonably)_S 64 _t\r(available)_S 64 _t\r(to)_S 64 _t\r(receive)_S 64 _t\r(reports)_S 64 _t\r(of)_S 64 _t\r(software)_S 64 _t\r(defects.)_S 128 _t\r(An)_S 64 _t\r(e-mail)_S 1380 4932 _m\r
(address)_S 64 _t\r(or)_S 64 _t\r(hotline)_S 64 _t\r(should)_S 64 _t\r(be)_S 64 _t\r(made)_S 64 _t\r(available)_S 64 _t\r(for)_S 64 _t\r(reporting)_S 64 _t\r(problems,)_S 64 _t\r(and)_S 64 _t\r(all)_S 64 _t\r(problems)_S 64 _t\r(must)_S 64 _t\r(be)_S 1380 4661 _m\r
(checked)_S 64 _t\r(thoroughly)_S 64 _t\r(for)_S 64 _t\r(accuracy)_S 64 _t\r(and)_S 64 _t\r(then)_S 64 _t\r(logged.)_S 128 _t\r(The)_S 64 _t\r(CSIRC)_S 64 _t\r(must)_S 64 _t\r(accurately)_S 64 _t\r(record)_S 64 _t\r(and)_S 64 _t\r(report)_S 1380 4390 _m\r
(the)_S 64 _t\r(defects)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(proper)_S 64 _t\r(vendors)_S 64 _t\r(or,)_S 64 _t\r(failing)_S 64 _t\r(that,)_S 64 _t\r(to)_S 64 _t\r(user)_S 64 _t\r(groups.)_S 128 _t\r(The)_S 64 _t\r(reports)_S 64 _t\r(must)_S 64 _t\r(be)_S 64 _t\r(held)_S 64 _t\r(confi-)_S 1380 4119 _m\r
(dential)_S 64 _t\r(and)_S 64 _t\r(reported)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(proper)_S 64 _t\r(vendor\(s\))_S 64 _t\r(in)_S 64 _t\r(a)_S 64 _t\r(timely)_S 64 _t\r(manner.)_S 128 _t\r(It)_S 64 _t\r(may)_S 64 _t\r(be)_S 64 _t\r(useful)_S 64 _t\r(to)_S 64 _t\r(solicit)_S 64 _t\r(the)_S 1380 3848 _m\r
(vendor's)_S 64 _t\r(response)_S 64 _t\r(and)_S 64 _t\r(help)_S 64 _t\r(when)_S 64 _t\r(writing)_S 64 _t\r(a)_S 64 _t\r(report)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(defect)_S 64 _t\r(or)_S 64 _t\r(vulnerability)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(constituen-)_S 1380 3577 _m\r
(cy)_S 64 _t\r/Times-RomanR 450 _ff\r
([STEWART89])_S /Times-RomanR 580 _ff\r
(.)_S 1831 3035 _m\r
(The)_S 64 _t\r(possible)_S 64 _t\r(consequences)_S 64 _t\r(of)_S 64 _t\r(failures)_S 64 _t\r(to)_S 64 _t\r(perform)_S 64 _t\r(the)_S 64 _t\r(above)_S 64 _t\r(in)_S 64 _t\r(a)_S 64 _t\r(reasonable)_S 64 _t\r(fashion)_S 64 _t\r(could)_S 1380 2764 _m\r
(involve)_S 64 _t\r(a)_S 64 _t\r(lawsuit)_S 64 _t\r(whereby)_S 64 _t\r(the)_S 64 _t\r(plaintiff)_S 64 _t\r(could)_S 64 _t\r(argue)_S 64 _t\r(that)_S 64 _t\r(the)_S 64 _t\r(CSIRC,)_S 64 _t\r(by)_S 64 _t\r(not)_S 64 _t\r(properly)_S 64 _t\r(disclosing)_S 1380 2493 _m\r
(knowledge)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(software)_S 64 _t\r(defect)_S 64 _t\r(or)_S 64 _t\r(vulnerability,)_S 64 _t\r(would)_S 64 _t\r(have)_S 64 _t\r(a)_S 64 _t\r(legal)_S 64 _t\r(liability)_S 64 _t\r(to)_S 64 _t\r(a)_S 64 _t\r(plaintiff)_S 64 _t\r(that)_S 1380 2222 _m\r
(was)_S 64 _t\r(harmed)_S 64 _t\r(by)_S 64 _t\r(the)_S 64 _t\r(defect.)_S 128 _t\r(For)_S 64 _t\r(this)_S 64 _t\r(reason,)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(must)_S 64 _t\r(not)_S 64 _t\r(purport)_S 64 _t\r(to)_S 64 _t\r(assume)_S 64 _t\r(any)_S 64 _t\r(obligations)_S 1380 1951 _m\r
(that)_S 64 _t\r(other)_S 64 _t\r(groups)_S 64 _t\r(already)_S 64 _t\r(incur,)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(a)_S 64 _t\r(vendor's)_S 64 _t\r(stated)_S 64 _t\r(obligation)_S 64 _t\r(to)_S 64 _t\r(correct)_S 64 _t\r(software)_S 64 _t\r(defects.)_S 64 _t\r1380 1680 _m\r
(The)_S 64 _t\r(CSIRC)_S 64 _t\r(should)_S 64 _t\r(also)_S 64 _t\r(widely)_S 64 _t\r(disseminate)_S 64 _t\r(a)_S 64 _t\r(detailed)_S 64 _t\r(description)_S 64 _t\r(of)_S 64 _t\r(its)_S 64 _t\r(policies)_S 64 _t\r(on)_S 64 _t\r(notifying)_S 5183 893 _m\r
(25)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
1020 12223 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
1020 11578 _m\r
(software)_S 64 _t\r(vendors,)_S 64 _t\r(its)_S 64 _t\r(constituency,)_S 64 _t\r(and)_S 64 _t\r(the)_S 64 _t\r(public)_S 64 _t\r(about)_S 64 _t\r(software)_S 64 _t\r(defects)_S 64 _t\r(or)_S 64 _t\r(vulnerabilities)_S 64 _t\r(to)_S 1020 11307 _m\r
(ensure)_S 64 _t\r(that)_S 64 _t\r(any)_S 64 _t\r(misunderstandings)_S 64 _t\r(or)_S 64 _t\r(false)_S 64 _t\r(expectations)_S 64 _t\r(of)_S 64 _t\r(its)_S 64 _t\r(policies)_S 64 _t\r(are)_S 64 _t\r(minimized.)_S /Helvetica-BoldR 580 _ff\r
1020 10757 _m\r
(4.4.3)_S 64 _t\r(Wording)_S 64 _t\r(of)_S 64 _t\r(Constituency)_S 64 _t\r(Communications)_S 1471 10381 _m\r
/Times-RomanR 580 _ff\r
(When)_S 64 _t\r(writing)_S 64 _t\r(alerts)_S 64 _t\r(or)_S 64 _t\r(reports)_S 64 _t\r(to)_S 64 _t\r(send)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(constituency)_S 64 _t\r(regarding)_S 64 _t\r(an)_S 64 _t\r(incident)_S 64 _t\r(or)_S 64 _t\r(vulnera-)_S 1020 10110 _m\r
(bility,)_S 64 _t\r(care)_S 64 _t\r(should)_S 64 _t\r(be)_S 64 _t\r(taken)_S 64 _t\r(to)_S 64 _t\r(choose)_S 64 _t\r(the)_S 64 _t\r(proper)_S 64 _t\r(wording.)_S 128 _t\r(While)_S 64 _t\r(the)_S 64 _t\r(agency)_S 64 _t\r(and)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(may)_S 1020 9839 _m\r
(consider)_S 64 _t\r(that)_S 64 _t\r(any)_S 64 _t\r(communication)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(constituency)_S 64 _t\r(are)_S 64 _t\r(private,)_S 64 _t\r(the)_S 64 _t\r(agency)_S 64 _t\r(should)_S 64 _t\r(expect)_S 64 _t\r(that)_S 1020 9568 _m\r
(the)_S 64 _t\r(communications)_S 64 _t\r(may)_S 64 _t\r(be)_S 64 _t\r(disseminated)_S 64 _t\r(far)_S 64 _t\r(beyond)_S 64 _t\r(the)_S 64 _t\r(constituency.)_S 128 _t\r(The)_S 64 _t\r(same)_S 64 _t\r(care)_S 64 _t\r(should)_S 64 _t\r(be)_S 1020 9297 _m\r
(taken)_S 64 _t\r(with)_S 64 _t\r(the)_S 64 _t\r(press:)_S 64 _t\r(be)_S 64 _t\r(accurate,)_S 64 _t\r(but)_S 64 _t\r(do)_S 64 _t\r(not)_S 64 _t\r(reveal)_S 64 _t\r(evidence)_S 64 _t\r(or)_S 64 _t\r(technical)_S 64 _t\r(details)_S 64 _t\r(that)_S 64 _t\r(may)_S 64 _t\r(result)_S 1020 9026 _m\r
(in)_S 64 _t\r(more)_S 64 _t\r(incidents)_S 64 _t\r(or)_S 64 _t\r(further)_S 64 _t\r(damage.)_S 1471 8484 _m\r
(When)_S 64 _t\r(writing)_S 64 _t\r(about)_S 64 _t\r(software)_S 64 _t\r(defects)_S 64 _t\r(or)_S 64 _t\r(vulnerabilities,)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(should)_S 64 _t\r(avoid)_S 64 _t\r(possible)_S 1020 8213 _m\r
(copyright,)_S 64 _t\r(defamation,)_S 64 _t\r(patent,)_S 64 _t\r(or)_S 64 _t\r(trade)_S 64 _t\r(secret)_S 64 _t\r(issues)_S 64 _t\r(with)_S 64 _t\r(the)_S 64 _t\r(vendor\(s\))_S 64 _t\r(in)_S 64 _t\r(question)_S 64 _t\r/Times-RomanR 450 _ff\r
([STEWART89])_S /Times-RomanR 580 _ff\r
(.)_S 64 _t\r1020 7942 _m\r
(Value-neutral)_S 64 _t\r(words)_S 64 _t\r(should)_S 64 _t\r(be)_S 64 _t\r(chosen)_S 64 _t\r(to)_S 64 _t\r(describe)_S 64 _t\r(the)_S 64 _t\r(problems,)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r("possible)_S 64 _t\r(software)_S 64 _t\r(de-)_S 1020 7671 _m\r
(fect")_S 64 _t\r(or)_S 64 _t\r("potential)_S 64 _t\r(security)_S 64 _t\r(vulnerability")_S 64 _t\r(as)_S 64 _t\r(opposed)_S 64 _t\r(to)_S 64 _t\r(words)_S 64 _t\r(that)_S 64 _t\r(imply)_S 64 _t\r(vendor)_S 64 _t\r(negligence)_S 64 _t\r(or)_S 1020 7400 _m\r
(guilt.)_S 128 _t\r(If)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(possesses)_S 64 _t\r(source)_S 64 _t\r(code)_S 64 _t\r(or)_S 64 _t\r(has)_S 64 _t\r(made)_S 64 _t\r(non-disclosure)_S 64 _t\r(agreements,)_S 64 _t\r(care)_S 64 _t\r(should)_S 1020 7129 _m\r
(be)_S 64 _t\r(taken)_S 64 _t\r(to)_S 64 _t\r(avoid)_S 64 _t\r(revealing)_S 64 _t\r(any)_S 64 _t\r(information)_S 64 _t\r(that)_S 64 _t\r(is)_S 64 _t\r(legally)_S 64 _t\r(protected.)_S 64 _t\r1471 6587 _m\r
(The)_S 64 _t\r(legal)_S 64 _t\r(advisor)_S 64 _t\r(may)_S 64 _t\r(suggest)_S 64 _t\r(that)_S 64 _t\r(a)_S 64 _t\r(disclaimer)_S 64 _t\r(be)_S 64 _t\r(attached)_S 64 _t\r(to)_S 64 _t\r(CSIRC)_S 64 _t\r(communications,)_S 1020 6316 _m\r
(especially)_S 64 _t\r(when)_S 64 _t\r(vendor)_S 64 _t\r(products)_S 64 _t\r(are)_S 64 _t\r(mentioned.)_S 128 _t\r(Following)_S 64 _t\r(is)_S 64 _t\r(an)_S 64 _t\r(example)_S 64 _t\r(of)_S 64 _t\r(such)_S 64 _t\r(a)_S 64 _t\r(disclaimer)_S /Times-RomanR 350 _ff\r
8579 6396 _m\r
(4)_S 8638 6396 _m\r
/Times-RomanR 580 _ff\r
8638 6316 _m\r
(:)_S 1620 5788 _m\r
/CourierR 550 _ff\r
(Neither)_S 110 _t\r(the)_S 110 _t\r(United)_S 110 _t\r(States)_S 110 _t\r(Government)_S 110 _t\r(nor)_S 110 _t\r(any)_S 110 _t\r(of)_S 110 _t\r(its)_S 110 _t\r(employ-)_S 1620 5568 _m\r
(ees)_S 110 _t\r(makes)_S 110 _t\r(any)_S 110 _t\r(warranty,)_S 110 _t\r(express)_S 110 _t\r(or)_S 110 _t\r(implied,)_S 110 _t\r(or)_S 110 _t\r(assumes)_S 110 _t\r(any)_S 1620 5348 _m\r
(legal)_S 110 _t\r(liability)_S 110 _t\r(or)_S 110 _t\r(responsibility)_S 110 _t\r(for)_S 110 _t\r(the)_S 110 _t\r(accuracy,)_S 110 _t\r(com-)_S 1620 5128 _m\r
(pleteness,)_S 110 _t\r(or)_S 110 _t\r(usefulness)_S 110 _t\r(of)_S 110 _t\r(any)_S 110 _t\r(information,)_S 110 _t\r(apparatus,)_S 110 _t\r(pro-)_S 1620 4908 _m\r
(duct,)_S 110 _t\r(or)_S 110 _t\r(process)_S 110 _t\r(disclosed,)_S 110 _t\r(or)_S 110 _t\r(represents)_S 110 _t\r(that)_S 110 _t\r(its)_S 110 _t\r(use)_S 110 _t\r(would)_S 1620 4688 _m\r
(not)_S 110 _t\r(infringe)_S 110 _t\r(privately)_S 110 _t\r(owned)_S 110 _t\r(rights.)_S 220 _t\r(Reference)_S 110 _t\r(herein)_S 110 _t\r(to)_S 1620 4468 _m\r
(any)_S 110 _t\r(specific)_S 110 _t\r(commercial)_S 110 _t\r(products,)_S 110 _t\r(process,)_S 110 _t\r(or)_S 110 _t\r(service)_S 110 _t\r(by)_S 1620 4248 _m\r
(trade)_S 110 _t\r(name,)_S 110 _t\r(trademark,)_S 110 _t\r(manufacturer,)_S 110 _t\r(or)_S 110 _t\r(otherwise,)_S 110 _t\r(does)_S 110 _t\r(not)_S 1620 4028 _m\r
(necessarily)_S 110 _t\r(constitute)_S 110 _t\r(or)_S 110 _t\r(imply)_S 110 _t\r(its)_S 110 _t\r(endorsement,)_S 110 _t\r(recommen-)_S 1620 3808 _m\r
(dation)_S 110 _t\r(or)_S 110 _t\r(favoring)_S 110 _t\r(by)_S 110 _t\r(the)_S 110 _t\r(United)_S 110 _t\r(States)_S 110 _t\r(Government.)_S 220 _t\r(The)_S 1620 3588 _m\r
(views)_S 110 _t\r(and)_S 110 _t\r(opinions)_S 110 _t\r(of)_S 110 _t\r(authors)_S 110 _t\r(expressed)_S 110 _t\r(herein)_S 110 _t\r(do)_S 110 _t\r(not)_S 110 _t\r(neces-)_S 1620 3368 _m\r
(sarily)_S 110 _t\r(state)_S 110 _t\r(or)_S 110 _t\r(reflect)_S 110 _t\r(those)_S 110 _t\r(of)_S 110 _t\r(the)_S 110 _t\r(United)_S 110 _t\r(States)_S 110 _t\r(Govern-)_S 1620 3148 _m\r
(ment,)_S 110 _t\r(and)_S 110 _t\r(shall)_S 110 _t\r(not)_S 110 _t\r(be)_S 110 _t\r(used)_S 110 _t\r(for)_S 110 _t\r(advertising)_S 110 _t\r(or)_S 110 _t\r(product)_S 110 _t\r(en-)_S 1620 2928 _m\r
(dorsement)_S 110 _t\r(purposes.)_S 110 _t\r1020 2006 _m\r
/Times-RomanR 580 _ff\r
_U 3420 2006 _m\r
_u 1020 1691 _m\r
/Times-RomanR 475 _ff\r
53 _t\r53 _t\r53 _t\r53 _t\r53 _t\r/Times-RomanR 285 _ff\r
1285 1756 _m\r
(4)_S 1333 1756 _m\r
/Times-RomanR 475 _ff\r
1333 1691 _m\r
(This)_S 72 _t\r(disclaimer)_S 71 _t\r(is)_S 72 _t\r(adapted)_S 72 _t\r(from)_S 71 _t\r(a)_S 72 _t\r(disclaimer)_S 72 _t\r(used)_S 72 _t\r(by)_S 71 _t\r(the)_S 72 _t\r(Department)_S 72 _t\r(of)_S 72 _t\r(Energy's)_S 71 _t\r(Computer)_S 72 _t\r(Incident)_S 72 _t\r(Advisory)_S 1020 1500 _m\r
(Capability)_S 54 _t\r(\(CIAC\).)_S 109 _t\r(It)_S 55 _t\r(is)_S 54 _t\r(provided)_S 55 _t\r(here)_S 54 _t\r(only)_S 54 _t\r(as)_S 55 _t\r(an)_S 54 _t\r(example;)_S 55 _t\r(agencies)_S 54 _t\r(should)_S 54 _t\r(consult)_S 55 _t\r(their)_S 54 _t\r(legal)_S 55 _t\r(advisors)_S 54 _t\r(for)_S 55 _t\r(appropriate)_S 1020 1309 _m\r
(wording.)_S /Times-RomanR 580 _ff\r
/CourierR 550 _ff\r
4823 893 _m\r
/Times-RomanR 580 _ff\r
(26)_S /CourierR 550 _ff\r
_ep\r
_bp /CourierR 550 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
/HelveticaR 580 _ff\r
7489 12220 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /HelveticaR 580 _ff\r
1380 11565 _m\r
/Helvetica-BoldR 580 _ff\r
(4.4.4)_S 64 _t\r(Logging)_S 64 _t\r(and)_S 64 _t\r(Gathering)_S 64 _t\r(Evidence)_S 1831 11189 _m\r
/Times-RomanR 580 _ff\r
(At)_S 64 _t\r(the)_S 64 _t\r(outset)_S 64 _t\r(of)_S 64 _t\r(an)_S 64 _t\r(incident,)_S 64 _t\r(it)_S 64 _t\r(may)_S 64 _t\r(not)_S 64 _t\r(be)_S 64 _t\r(possible)_S 64 _t\r(to)_S 64 _t\r(determine)_S 64 _t\r(whether)_S 64 _t\r(the)_S 64 _t\r(incident)_S 64 _t\r(will)_S 1380 10918 _m\r
(result)_S 64 _t\r(in)_S 64 _t\r(a)_S 64 _t\r(prosecution.)_S 128 _t\r(Thus,)_S 64 _t\r(incident)_S 64 _t\r(logging)_S 64 _t\r(should)_S 64 _t\r(be)_S 64 _t\r(treated)_S 64 _t\r(much)_S 64 _t\r(the)_S 64 _t\r(same)_S 64 _t\r(as)_S 64 _t\r(evidence)_S 1380 10647 _m\r
(gathering:)_S 64 _t\r(the)_S 64 _t\r(incident)_S 64 _t\r(log)_S 64 _t\r(should)_S 64 _t\r(be)_S 64 _t\r(detailed,)_S 64 _t\r(accurate,)_S 64 _t\r(and)_S 64 _t\r(the)_S 64 _t\r(proper)_S 64 _t\r(procedures)_S 64 _t\r(should)_S 64 _t\r(be)_S 1380 10376 _m\r
(followed)_S 64 _t\r(so)_S 64 _t\r(that)_S 64 _t\r(the)_S 64 _t\r(incident)_S 64 _t\r(log)_S 64 _t\r(could)_S 64 _t\r(be)_S 64 _t\r(used)_S 64 _t\r(as)_S 64 _t\r(evidence)_S 64 _t\r(in)_S 64 _t\r(a)_S 64 _t\r(court)_S 64 _t\r(of)_S 64 _t\r(law.)_S 128 _t\r(Investigative)_S 64 _t\r(agen-)_S 1380 10105 _m\r
(cies)_S 64 _t\r(can)_S 64 _t\r(provide)_S 64 _t\r(more)_S 64 _t\r(detail;)_S 64 _t\r(at)_S 64 _t\r(a)_S 64 _t\r(minimum,)_S 64 _t\r(use)_S 64 _t\r(the)_S 64 _t\r(following)_S 64 _t\r(procedures:)_S 1831 9789 _m\r
(\267)_S 2003 9789 _m\r
(at)_S 64 _t\r(the)_S 64 _t\r(end)_S 64 _t\r(of)_S 64 _t\r(each)_S 64 _t\r(day,)_S 64 _t\r(make)_S 64 _t\r(a)_S 64 _t\r(photocopy)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(incident)_S 64 _t\r(log;)_S 1831 9473 _m\r
(\267)_S 2003 9473 _m\r
(sign)_S 64 _t\r(and)_S 64 _t\r(date)_S 64 _t\r(the)_S 64 _t\r(photocopy)_S 64 _t\r(and)_S 64 _t\r(submit)_S 64 _t\r(it)_S 64 _t\r(to)_S 64 _t\r(a)_S 64 _t\r(document)_S 64 _t\r(custodian;)_S 1831 9157 _m\r
(\267)_S 2003 9157 _m\r
(accept)_S 64 _t\r(and)_S 64 _t\r(retain)_S 64 _t\r(the)_S 64 _t\r(receipt)_S 64 _t\r(from)_S 64 _t\r(the)_S 64 _t\r(custodian;)_S 64 _t\r(and)_S 1831 8841 _m\r
(\267)_S 2003 8841 _m\r
(the)_S 64 _t\r(document)_S 64 _t\r(custodian)_S 64 _t\r(must)_S 64 _t\r(store)_S 64 _t\r(the)_S 64 _t\r(photocopy)_S 64 _t\r(in)_S 64 _t\r(a)_S 64 _t\r(secure)_S 64 _t\r(area.)_S 1831 8299 _m\r
(When)_S 64 _t\r(logging)_S 64 _t\r(or)_S 64 _t\r(monitoring)_S 64 _t\r(electronic)_S 64 _t\r(information)_S 64 _t\r(concerning)_S 64 _t\r(an)_S 64 _t\r(incident,)_S 64 _t\r(always)_S 64 _t\r(contact)_S 1380 8028 _m\r
(the)_S 64 _t\r(investigative)_S 64 _t\r(agencies)_S 64 _t\r(first)_S 64 _t\r(for)_S 64 _t\r(advice)_S 64 _t\r(on)_S 64 _t\r(legal)_S 64 _t\r(issues)_S 64 _t\r(and)_S 64 _t\r(procedures)_S 64 _t\r/Times-RomanR 450 _ff\r
([HANSEN90])_S /Times-RomanR 580 _ff\r
(,)_S 1380 7757 _m\r
/Times-RomanR 450 _ff\r
([HOLBROOK91])_S /Times-RomanR 580 _ff\r
(.)_S /Helvetica-BoldR 700 _ff\r
1380 7127 _m\r
(4.5)_S 1831 7127 _m\r
(Working)_S 78 _t\r(With)_S 78 _t\r(the)_S 78 _t\r(News)_S 78 _t\r(Media)_S 1831 6713 _m\r
/Times-RomanR 580 _ff\r
(Certain)_S 64 _t\r(types)_S 64 _t\r(of)_S 64 _t\r(incidents)_S 64 _t\r(may)_S 64 _t\r(generate)_S 64 _t\r(inquiries)_S 64 _t\r(from)_S 64 _t\r(the)_S 64 _t\r(press)_S 64 _t\r(or)_S 64 _t\r(broadcast)_S 64 _t\r(media,)_S 64 _t\r(or)_S 64 _t\r(it)_S 1380 6442 _m\r
(may)_S 64 _t\r(be)_S 64 _t\r(advisable)_S 64 _t\r(in)_S 64 _t\r(certain)_S 64 _t\r(circumstances)_S 64 _t\r(to)_S 64 _t\r(issue)_S 64 _t\r(information)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(media.)_S 128 _t\r(There)_S 64 _t\r(are)_S 64 _t\r(many)_S 1380 6171 _m\r
(issues)_S 64 _t\r(to)_S 64 _t\r(consider)_S 64 _t\r(when)_S 64 _t\r(working)_S 64 _t\r(with)_S 64 _t\r(the)_S 64 _t\r(press,)_S 64 _t\r(thus)_S 64 _t\r(an)_S 64 _t\r(agency's)_S 64 _t\r(public)_S 64 _t\r(affairs)_S 64 _t\r(office)_S 64 _t\r(\(or)_S 64 _t\r(equiva-)_S 1380 5900 _m\r
(lent\))_S 64 _t\r(should)_S 64 _t\r(always)_S 64 _t\r(be)_S 64 _t\r(contacted)_S 64 _t\r(first)_S 64 _t\r(before)_S 64 _t\r(any)_S 64 _t\r(dealings)_S 64 _t\r(with)_S 64 _t\r(the)_S 64 _t\r(press.)_S 128 _t\r(The)_S 64 _t\r(public)_S 64 _t\r(affairs)_S 1380 5629 _m\r
(office)_S 64 _t\r(can)_S 64 _t\r(act)_S 64 _t\r(as)_S 64 _t\r(a)_S 64 _t\r(single)_S 64 _t\r(point)_S 64 _t\r(of)_S 64 _t\r(contact)_S 64 _t\r(for)_S 64 _t\r(the)_S 64 _t\r(press,)_S 64 _t\r(which)_S 64 _t\r(shields)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(staff)_S 64 _t\r(and)_S 64 _t\r(leaves)_S 1380 5358 _m\r
(them)_S 64 _t\r(more)_S 64 _t\r(time)_S 64 _t\r(to)_S 64 _t\r(handle)_S 64 _t\r(the)_S 64 _t\r(incident.)_S 128 _t\r(Talk)_S 64 _t\r(candidly)_S 64 _t\r(with)_S 64 _t\r(the)_S 64 _t\r(public)_S 64 _t\r(affairs)_S 64 _t\r(office)_S 64 _t\r(and)_S 64 _t\r(ensure)_S 1380 5087 _m\r
(that)_S 64 _t\r(they)_S 64 _t\r(understand)_S 64 _t\r(the)_S 64 _t\r(technical)_S 64 _t\r(issues,)_S 64 _t\r(so)_S 64 _t\r(that)_S 64 _t\r(they)_S 64 _t\r(may)_S 64 _t\r(communicate)_S 64 _t\r(more)_S 64 _t\r(effectively)_S 64 _t\r(and)_S 1380 4816 _m\r
(accurately)_S 64 _t\r(with)_S 64 _t\r(the)_S 64 _t\r(press.)_S 128 _t\r(False)_S 64 _t\r(or)_S 64 _t\r(misleading)_S 64 _t\r(information)_S 64 _t\r(may)_S 64 _t\r(ultimately)_S 64 _t\r(cause)_S 64 _t\r(more)_S 64 _t\r(damage)_S 64 _t\r(to)_S 1380 4545 _m\r
(the)_S 64 _t\r(agency's)_S 64 _t\r(image)_S 64 _t\r(than)_S 64 _t\r(the)_S 64 _t\r(incident)_S 64 _t\r(itself)_S 64 _t\r/Times-RomanR 450 _ff\r
([BRAND89])_S /Times-RomanR 580 _ff\r
(.)_S 128 _t\r(Some)_S 64 _t\r(suggestions)_S 64 _t\r(when)_S 64 _t\r(working)_S 64 _t\r(with)_S 64 _t\r(the)_S 1380 4274 _m\r
(press)_S 64 _t\r(regarding)_S 64 _t\r(an)_S 64 _t\r(incident)_S 64 _t\r(are:)_S 1831 3958 _m\r
(\267)_S 2003 3958 _m\r
(contact)_S 64 _t\r(the)_S 64 _t\r(legal)_S 64 _t\r(advisor)_S 64 _t\r(if)_S 64 _t\r(unsure)_S 64 _t\r(of)_S 64 _t\r(legal)_S 64 _t\r(issues;)_S 1831 3642 _m\r
(\267)_S 2003 3642 _m\r
(establish)_S 64 _t\r(a)_S 64 _t\r(single)_S 64 _t\r(point)_S 64 _t\r(of)_S 64 _t\r(contact)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(press)_S 64 _t\r(so)_S 64 _t\r(that)_S 64 _t\r(media)_S 64 _t\r(inquiries)_S 64 _t\r(are)_S 64 _t\r(coordinated)_S 64 _t\r(and)_S 2003 3439 _m\r
(the)_S 64 _t\r(CSIRC)_S 64 _t\r(is)_S 64 _t\r(able)_S 64 _t\r(to)_S 64 _t\r(concentrate)_S 64 _t\r(on)_S 64 _t\r(resolving)_S 64 _t\r(the)_S 64 _t\r(incident;)_S 1831 3123 _m\r
(\267)_S 2003 3123 _m\r
(keep)_S 64 _t\r(the)_S 64 _t\r(level)_S 64 _t\r(of)_S 64 _t\r(technical)_S 64 _t\r(detail)_S 64 _t\r(low)_S 64 _t\r(-)_S 64 _t\r(do)_S 64 _t\r(not)_S 64 _t\r(provide)_S 64 _t\r(attackers)_S 64 _t\r(with)_S 64 _t\r(information;)_S 1831 2807 _m\r
(\267)_S 2003 2807 _m\r
(be)_S 64 _t\r(as)_S 64 _t\r(accurate)_S 64 _t\r(as)_S 64 _t\r(possible,)_S 64 _t\r(but)_S 64 _t\r(do)_S 64 _t\r(not)_S 64 _t\r(speculate;)_S 64 _t\r(and)_S 1831 2491 _m\r
(\267)_S 2003 2491 _m\r
(ensure)_S 64 _t\r(that)_S 64 _t\r(details)_S 64 _t\r(about)_S 64 _t\r(the)_S 64 _t\r(incident)_S 64 _t\r(that)_S 64 _t\r(may)_S 64 _t\r(be)_S 64 _t\r(used)_S 64 _t\r(as)_S 64 _t\r(evidence)_S 64 _t\r(are)_S 64 _t\r(first)_S 64 _t\r(checked)_S 64 _t\r(with)_S 2003 2288 _m\r
(investigative)_S 64 _t\r(agencies.)_S 5183 893 _m\r
(27)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
/HelveticaR 700 _ff\r
1020 12223 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /HelveticaR 700 _ff\r
1020 11539 _m\r
/Helvetica-BoldR 700 _ff\r
(4.6)_S 1471 11539 _m\r
(Post-Incident)_S 78 _t\r(Analysis)_S 1471 11123 _m\r
/Times-RomanR 580 _ff\r
(After)_S 64 _t\r(an)_S 64 _t\r(incident)_S 64 _t\r(has)_S 64 _t\r(been)_S 64 _t\r(resolved,)_S 64 _t\r(a)_S 64 _t\r/Times-ItalicR 580 _ff\r
(post-mortem)_S /Times-RomanR 580 _ff\r
64 _t\r(should)_S 64 _t\r(be)_S 64 _t\r(conducted)_S 64 _t\r(so)_S 64 _t\r(that)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 1020 10851 _m\r
(can)_S 64 _t\r(learn)_S 64 _t\r(from)_S 64 _t\r(the)_S 64 _t\r(experience)_S 64 _t\r(and,)_S 64 _t\r(if)_S 64 _t\r(necessary,)_S 64 _t\r(update)_S 64 _t\r(its)_S 64 _t\r(procedures.)_S 128 _t\r(The)_S 64 _t\r(following)_S 64 _t\r(sorts)_S 64 _t\r(of)_S 1020 10580 _m\r
(incident)_S 64 _t\r(information)_S 64 _t\r(should)_S 64 _t\r(be)_S 64 _t\r(examined:)_S 1471 10264 _m\r
(\267)_S 1643 10264 _m\r
(how)_S 64 _t\r(the)_S 64 _t\r(incident)_S 64 _t\r(started:)_S 64 _t\r(which)_S 64 _t\r(vulnerabilities)_S 64 _t\r(were)_S 64 _t\r(exploited,)_S 64 _t\r(how)_S 64 _t\r(access)_S 64 _t\r(was)_S 64 _t\r(gained,)_S 1643 10061 _m\r
(and)_S 64 _t\r(other)_S 64 _t\r(relevant)_S 64 _t\r(details;)_S 1471 9745 _m\r
(\267)_S 1643 9745 _m\r
(how)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(became)_S 64 _t\r(aware)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(incident;)_S 1471 9429 _m\r
(\267)_S 1643 9429 _m\r
(how)_S 64 _t\r(the)_S 64 _t\r(incident)_S 64 _t\r(was)_S 64 _t\r(resolved;)_S 1471 9113 _m\r
(\267)_S 1643 9113 _m\r
(whether)_S 64 _t\r(existing)_S 64 _t\r(procedures)_S 64 _t\r(were)_S 64 _t\r(adequate)_S 64 _t\r(or)_S 64 _t\r(require)_S 64 _t\r(updating;)_S 1471 8797 _m\r
(\267)_S 1643 8797 _m\r
(whether)_S 64 _t\r(vulnerabilities)_S 64 _t\r(still)_S 64 _t\r(need)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(closed;)_S 64 _t\r(and)_S 1471 8481 _m\r
(\267)_S 1643 8481 _m\r
(whether)_S 64 _t\r(new)_S 64 _t\r(contacts)_S 64 _t\r(were)_S 64 _t\r(made.)_S 1471 7939 _m\r
(As)_S 64 _t\r(a)_S 64 _t\r(result)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(post-incident)_S 64 _t\r(analysis,)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(may)_S 64 _t\r(need)_S 64 _t\r(to)_S 64 _t\r(issue)_S 64 _t\r(alerts)_S 64 _t\r(or)_S 64 _t\r(warnings)_S 64 _t\r(to)_S 64 _t\r(its)_S 1020 7668 _m\r
(constituency)_S 64 _t\r(about)_S 64 _t\r(certain)_S 64 _t\r(actions)_S 64 _t\r(to)_S 64 _t\r(take)_S 64 _t\r(to)_S 64 _t\r(reduce)_S 64 _t\r(vulnerabilities)_S 64 _t\r(that)_S 64 _t\r(were)_S 64 _t\r(exploited)_S 64 _t\r(during)_S 64 _t\r(the)_S 1020 7397 _m\r
(incident.)_S 128 _t\r(The)_S 64 _t\r(CSIRC)_S 64 _t\r(may)_S 64 _t\r(also)_S 64 _t\r(need)_S 64 _t\r(to)_S 64 _t\r(update)_S 64 _t\r(its)_S 64 _t\r(Operations)_S 64 _t\r(Handbook)_S 64 _t\r(to)_S 64 _t\r(reflect)_S 64 _t\r(new)_S 64 _t\r(proce-)_S 1020 7126 _m\r
(dures.)_S 128 _t\r(The)_S 64 _t\r(CSIRC)_S 64 _t\r(could)_S 64 _t\r(use)_S 64 _t\r(a)_S 64 _t\r(post-incident)_S 64 _t\r(analysis)_S 64 _t\r(to)_S 64 _t\r(ascertain)_S 64 _t\r(its)_S 64 _t\r(impact)_S 64 _t\r(on)_S 64 _t\r(the)_S 64 _t\r(agency)_S 64 _t\r(as)_S 64 _t\r(a)_S 1020 6855 _m\r
(result)_S 64 _t\r(of)_S 64 _t\r(handling)_S 64 _t\r(and)_S 64 _t\r(resolving)_S 64 _t\r(the)_S 64 _t\r(incident.)_S 128 _t\r(Although)_S 64 _t\r(this)_S 64 _t\r(may)_S 64 _t\r(be)_S 64 _t\r(difficult)_S 64 _t\r(to)_S 64 _t\r(quantify,)_S 64 _t\r(some)_S 1020 6584 _m\r
(measure)_S 64 _t\r(of)_S 64 _t\r(its)_S 64 _t\r(performance)_S 64 _t\r(and)_S 64 _t\r(beneficial)_S 64 _t\r(effect)_S 64 _t\r(may)_S 64 _t\r(be)_S 64 _t\r(useful)_S 64 _t\r(in)_S 64 _t\r(determining)_S 64 _t\r(the)_S 64 _t\r(future)_S 64 _t\r(scope)_S 1020 6313 _m\r
(and)_S 64 _t\r(direction)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(CSIRC.)_S /Helvetica-BoldR 700 _ff\r
1020 5683 _m\r
(4.7)_S 1471 5683 _m\r
(Measuring)_S 78 _t\r(the)_S 78 _t\r(Effectiveness)_S 78 _t\r(of)_S 78 _t\r(a)_S 78 _t\r(CSIRC)_S 1471 5267 _m\r
/Times-RomanR 580 _ff\r
(How)_S 64 _t\r(does)_S 64 _t\r(an)_S 64 _t\r(agency)_S 64 _t\r(determine)_S 64 _t\r(whether)_S 64 _t\r(the)_S 64 _t\r(investment)_S 64 _t\r(in)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(has)_S 64 _t\r(actually)_S 64 _t\r/Times-ItalicR 580 _ff\r
(paid)_S 64 _t\r(off)_S /Times-RomanR 580 _ff\r
64 _t\r(in)_S 1020 4995 _m\r
(terms)_S 64 _t\r(of)_S 64 _t\r(increasing)_S 64 _t\r(security?)_S 128 _t\r(The)_S 64 _t\r(answer)_S 64 _t\r(might)_S 64 _t\r(not)_S 64 _t\r(be)_S 64 _t\r(entirely)_S 64 _t\r(quantifiable)_S 64 _t\r(in)_S 64 _t\r(terms)_S 64 _t\r(of)_S 64 _t\r(dollars)_S 1020 4724 _m\r
(saved)_S 64 _t\r(and)_S 64 _t\r(incidents)_S 64 _t\r(handled.)_S 128 _t\r(It)_S 64 _t\r(may)_S 64 _t\r(not)_S 64 _t\r(be)_S 64 _t\r(possible)_S 64 _t\r(to)_S 64 _t\r(satisfactorily)_S 64 _t\r(quantify)_S 64 _t\r(the)_S 64 _t\r(benefits)_S 64 _t\r(a)_S 1020 4453 _m\r
(CSIRC)_S 64 _t\r(provides)_S 64 _t\r(within)_S 64 _t\r(its)_S 64 _t\r(first)_S 64 _t\r(year)_S 64 _t\r(of)_S 64 _t\r(operation.)_S 128 _t\r(It)_S 64 _t\r(could)_S 64 _t\r(turn)_S 64 _t\r(out)_S 64 _t\r(that)_S 64 _t\r(the)_S 64 _t\r(initial)_S 64 _t\r(estimate)_S 64 _t\r(of)_S 64 _t\r(the)_S 1020 4182 _m\r
(security)_S 64 _t\r(problems)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(handled)_S 64 _t\r(by)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(has)_S 64 _t\r(fallen)_S 64 _t\r(far)_S 64 _t\r(short)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(real)_S 64 _t\r(problem,)_S 64 _t\r(making)_S 64 _t\r(it)_S 1020 3911 _m\r
(appear)_S 64 _t\r(as)_S 64 _t\r(if)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(is)_S 64 _t\r(not)_S 64 _t\r(making)_S 64 _t\r(rapid)_S 64 _t\r(progress.)_S 128 _t\r(A)_S 64 _t\r(CSIRC)_S 64 _t\r(will)_S 64 _t\r(have)_S 64 _t\r(to)_S 64 _t\r(recognize)_S 64 _t\r(the)_S 64 _t\r(diffi-)_S 1020 3640 _m\r
(culty)_S 64 _t\r(in)_S 64 _t\r(measuring)_S 64 _t\r(the)_S 64 _t\r(success)_S 64 _t\r(of)_S 64 _t\r(its)_S 64 _t\r(activities)_S 64 _t\r(and)_S 64 _t\r(in)_S 64 _t\r(part,)_S 64 _t\r(justify)_S 64 _t\r(those)_S 64 _t\r(activities)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(organiza-)_S 1020 3369 _m\r
(tion.)_S 1471 2827 _m\r
(One)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(ways)_S 64 _t\r(in)_S 64 _t\r(which)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(could)_S 64 _t\r(rate)_S 64 _t\r(its)_S 64 _t\r(success)_S 64 _t\r(is)_S 64 _t\r(by)_S 64 _t\r(collecting)_S 64 _t\r(and)_S 64 _t\r(analyzing)_S 1020 2556 _m\r
(statistics)_S 64 _t\r(on)_S 64 _t\r(its)_S 64 _t\r(activity.)_S 128 _t\r(For)_S 64 _t\r(example,)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(could)_S 64 _t\r(keep)_S 64 _t\r(statistics)_S 64 _t\r(on)_S 64 _t\r(the)_S 64 _t\r(following)_S 64 _t\r(items:)_S 1471 2240 _m\r
(\267)_S 1643 2240 _m\r
(incidents)_S 64 _t\r(responded)_S 64 _t\r(to)_S 1471 1924 _m\r
(\267)_S 1643 1924 _m\r
(vulnerabilities)_S 64 _t\r(reported)_S 1471 1608 _m\r
(\267)_S 1643 1608 _m\r
(vulnerabilities)_S 64 _t\r(fixed)_S 4823 893 _m\r
(28)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
7489 12220 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
1831 11573 _m\r
(\267)_S 2003 11573 _m\r
(incidents)_S 64 _t\r(reported)_S 1831 11257 _m\r
(\267)_S 2003 11257 _m\r
(tools)_S 64 _t\r(implemented)_S 1831 10941 _m\r
(\267)_S 2003 10941 _m\r
(e-mail)_S 64 _t\r(messages)_S 64 _t\r(received/sent)_S 1831 10399 _m\r
(By)_S 64 _t\r(examining)_S 64 _t\r(these)_S 64 _t\r(statistics)_S 64 _t\r(and)_S 64 _t\r(others,)_S 64 _t\r(the)_S 64 _t\r(CSIRC)_S 64 _t\r(and)_S 64 _t\r(other)_S 64 _t\r(management)_S 64 _t\r(can)_S 64 _t\r(measure)_S 1380 10128 _m\r
(the)_S 64 _t\r(success)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(operation.)_S 128 _t\r(Statistics)_S 64 _t\r(such)_S 64 _t\r(as)_S 64 _t\r(these)_S 64 _t\r(will)_S 64 _t\r(be)_S 64 _t\r(very)_S 64 _t\r(helpful)_S 64 _t\r(in)_S 64 _t\r(measuring)_S 64 _t\r(and)_S 64 _t\r(com-)_S 1380 9857 _m\r
(paring)_S 64 _t\r(CSIRC)_S 64 _t\r(performance)_S 64 _t\r(in)_S 64 _t\r(subsequent)_S 64 _t\r(years.)_S /Helvetica-BoldR 700 _ff\r
1380 9227 _m\r
(4.8)_S 1831 9227 _m\r
(Additional)_S 78 _t\r(Assistance)_S 1831 8813 _m\r
/Times-RomanR 580 _ff\r
(There)_S 64 _t\r(are)_S 64 _t\r(more)_S 64 _t\r(issues,)_S 64 _t\r(steps,)_S 64 _t\r(and)_S 64 _t\r(concerns)_S 64 _t\r(involved)_S 64 _t\r(in)_S 64 _t\r(establishing)_S 64 _t\r(a)_S 64 _t\r(CSIRC)_S 64 _t\r(than)_S 64 _t\r(are)_S 64 _t\r(listed)_S 1380 8542 _m\r
(here.)_S 128 _t\r(Agencies)_S 64 _t\r(should)_S 64 _t\r(draw)_S 64 _t\r(on)_S 64 _t\r(the)_S 64 _t\r(experiences)_S 64 _t\r(of)_S 64 _t\r(others)_S 64 _t\r(that)_S 64 _t\r(have)_S 64 _t\r(already)_S 64 _t\r(developed)_S 64 _t\r(CSIRC)_S 1380 8271 _m\r
(efforts)_S 64 _t\r(as)_S 64 _t\r(well)_S 64 _t\r(as)_S 64 _t\r(examine)_S 64 _t\r(the)_S 64 _t\r(references)_S 64 _t\r(listed)_S 64 _t\r(in)_S 64 _t\r(this)_S 64 _t\r(guide)_S 64 _t\r(for)_S 64 _t\r(more)_S 64 _t\r(information.)_S 128 _t\r(It)_S 64 _t\r(is)_S 64 _t\r(impor-)_S 1380 8000 _m\r
(tant)_S 64 _t\r(that)_S 64 _t\r(these)_S 64 _t\r(agencies)_S 64 _t\r(document)_S 64 _t\r(the)_S 64 _t\r(lessons)_S 64 _t\r(learned)_S 64 _t\r(in)_S 64 _t\r(this)_S 64 _t\r(process,)_S 64 _t\r(so)_S 64 _t\r(that)_S 64 _t\r(other)_S 64 _t\r(agencies)_S 64 _t\r(and)_S 1380 7729 _m\r
(groups)_S 64 _t\r(can)_S 64 _t\r(gain)_S 64 _t\r(from)_S 64 _t\r(their)_S 64 _t\r(experiences.)_S 128 _t\r(Of)_S 64 _t\r(particular)_S 64 _t\r(use)_S 64 _t\r(is)_S 64 _t\r/Times-RomanR 450 _ff\r
([FEDELI91])_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r/Times-RomanR 450 _ff\r
([SCHULTZ90])_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(and)_S 1380 7458 _m\r
/Times-RomanR 450 _ff\r
([RFC1244])_S /Times-RomanR 580 _ff\r
(.)_S 5183 893 _m\r
(29)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
1020 12223 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
4823 893 _m\r
(30)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
/HelveticaR 900 _ff\r
7489 12220 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /HelveticaR 900 _ff\r
1380 11483 _m\r
/Helvetica-BoldR 900 _ff\r
(5.)_S 1831 11483 _m\r
(References)_S /Times-RomanR 580 _ff\r
1380 10900 _m\r
([BRAND89])_S 2934 10900 _m\r
(Brand,)_S 64 _t\r(Russell)_S 64 _t\r(L.,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Coping)_S 64 _t\r(With)_S 64 _t\r(the)_S 64 _t\r(Threat)_S 64 _t\r(of)_S 64 _t\r(Computer)_S 64 _t\r(Security)_S 64 _t\r(Incidents:)_S 64 _t\r(A)_S 2934 10695 _m\r
(Primer)_S 64 _t\r(from)_S 64 _t\r(Prevention)_S 64 _t\r(through)_S 64 _t\r(Recovery)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(July,)_S 64 _t\r(1989.)_S 1380 10152 _m\r
([DDN89])_S 2934 10152 _m\r
(DCA)_S 64 _t\r(DDN)_S 64 _t\r(Defense)_S 64 _t\r(Communications)_S 64 _t\r(System,)_S 64 _t\r("DDN)_S 64 _t\r(Security)_S 64 _t\r(Bulletin)_S 64 _t\r(01,")_S 2934 9949 _m\r
(DDN)_S 64 _t\r(Security)_S 64 _t\r(Coordination)_S 64 _t\r(Center,)_S 64 _t\r(October,)_S 64 _t\r(1989.)_S 1380 9405 _m\r
([FEDELI91])_S 64 _t\r2934 9405 _m\r
(Fedeli,)_S 64 _t\r(Alan,)_S 64 _t\r("Organizing)_S 64 _t\r(a)_S 64 _t\r(Corporate)_S 64 _t\r(Anti-Virus)_S 64 _t\r(Effort,")_S 64 _t\r/Times-ItalicR 580 _ff\r
(Proceedings)_S 64 _t\r(of)_S 64 _t\r(the)_S 2934 9200 _m\r
(Third)_S 64 _t\r(Annual)_S 64 _t\r(Computer)_S 64 _t\r(VIRUS)_S 64 _t\r(Clinic)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(Nationwide)_S 64 _t\r(Computer)_S 64 _t\r(Corp.,)_S 64 _t\r(March,)_S 2934 8997 _m\r
(1990.)_S 1380 8453 _m\r
([GAO89])_S 2934 8453 _m\r
/Times-ItalicR 580 _ff\r
(Computer)_S 64 _t\r(Security)_S 64 _t\r(-)_S 64 _t\r(Virus)_S 64 _t\r(Highlights)_S 64 _t\r(Need)_S 64 _t\r(for)_S 64 _t\r(Improved)_S 64 _t\r(Internet)_S 64 _t\r(Manage-)_S 2934 8248 _m\r
(ment)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(United)_S 64 _t\r(States)_S 64 _t\r(General)_S 64 _t\r(Accounting)_S 64 _t\r(Office,)_S 64 _t\r(Washington,)_S 64 _t\r(DC,)_S 64 _t\r(1989.)_S 1380 7703 _m\r
([HANSEN90])_S 2934 7703 _m\r
(Hansen,)_S 64 _t\r(Steve,)_S 64 _t\r("Legal)_S 64 _t\r(Issues:)_S 64 _t\r(A)_S 64 _t\r(Site)_S 64 _t\r(Manager's)_S 64 _t\r(Nightmare,")_S 64 _t\r/Times-ItalicR 580 _ff\r
(Proceedings)_S 64 _t\r(of)_S 2934 7498 _m\r
(the)_S 64 _t\r(Second)_S 64 _t\r(Invitational)_S 64 _t\r(Workshop)_S 64 _t\r(on)_S 64 _t\r(Computer)_S 64 _t\r(Security)_S 64 _t\r(Incident)_S 64 _t\r(Response)_S /Times-RomanR 580 _ff\r
(,)_S 2934 7295 _m\r
(June,)_S 64 _t\r(1990.)_S 1380 6751 _m\r
([HOLBROOK91])_S 2934 6751 _m\r
(Holbrook,)_S 64 _t\r(P.,)_S 64 _t\r(and)_S 64 _t\r(Reynolds,)_S 64 _t\r(J.,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Security)_S 64 _t\r(Policy)_S 64 _t\r(Handbook)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(RFC)_S 64 _t\r(1244)_S 64 _t\r(pre-)_S 2934 6548 _m\r
(pared)_S 64 _t\r(for)_S 64 _t\r(the)_S 64 _t\r(Internet)_S 64 _t\r(Engineering)_S 64 _t\r(Task)_S 64 _t\r(Force,)_S 64 _t\r(1991.)_S 1380 6004 _m\r
([NIST90])_S 2934 6004 _m\r
/Times-ItalicR 580 _ff\r
(CERT)_S 64 _t\r(System)_S 64 _t\r(Operational)_S 64 _t\r(Framework)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(National)_S 64 _t\r(Institute)_S 64 _t\r(of)_S 64 _t\r(Standards)_S 64 _t\r(and)_S 2934 5801 _m\r
(Technology,)_S 64 _t\r(1990.)_S 1380 5257 _m\r
([PETHIA90])_S 2934 5257 _m\r
(Pethia,)_S 64 _t\r(Rich,)_S 64 _t\r(and)_S 64 _t\r(van)_S 64 _t\r(Wyk,)_S 64 _t\r(Kenneth,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Computer)_S 64 _t\r(Emergency)_S 64 _t\r(Response)_S 64 _t\r(-)_S 64 _t\r(An)_S 2934 5052 _m\r
(International)_S 64 _t\r(Problem)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(1990.)_S 1380 4507 _m\r
([QUARTERM90])_S 2934 4507 _m\r
(Quarterman,)_S 64 _t\r(John,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(The)_S 64 _t\r(Matrix)_S 64 _t\r(-)_S 64 _t\r(Computer)_S 64 _t\r(Networks)_S 64 _t\r(and)_S 64 _t\r(Conferencing)_S 64 _t\r(Sys-)_S 2934 4302 _m\r
(tems)_S 64 _t\r(Worldwide)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(Digital)_S 64 _t\r(Press,)_S 64 _t\r(1990.)_S 1380 3757 _m\r
([RISK91])_S 2934 3757 _m\r
(National)_S 64 _t\r(Research)_S 64 _t\r(Council,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Computers)_S 64 _t\r(at)_S 64 _t\r(Risk)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(National)_S 64 _t\r(Academy)_S 64 _t\r(Press,)_S 2934 3554 _m\r
(1991.)_S 1380 3012 _m\r
([SCHERLIS88])_S 2934 3012 _m\r
(Scherlis,)_S 64 _t\r(William,)_S 64 _t\r("DARPA)_S 64 _t\r(Establishes)_S 64 _t\r(Computer)_S 64 _t\r(Emergency)_S 64 _t\r(Response)_S 2934 2809 _m\r
(Team,")_S 64 _t\r(DARPA)_S 64 _t\r(Press)_S 64 _t\r(Release,)_S 64 _t\r(December)_S 64 _t\r(6,)_S 64 _t\r(1988.)_S 1380 2265 _m\r
([SCHERLIS89])_S 2934 2265 _m\r
(Scherlis,)_S 64 _t\r(William,)_S 64 _t\r(Squires,)_S 64 _t\r(Steven,)_S 64 _t\r(and)_S 64 _t\r(Pethia,)_S 64 _t\r(Rich,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Computer)_S 64 _t\r(Emergency)_S 2934 2060 _m\r
(Response)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(1989.)_S 5183 893 _m\r
(31)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
1020 12223 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
1020 11578 _m\r
([SCHULTZ89])_S 2574 11578 _m\r
(Schultz,)_S 64 _t\r(E.)_S 64 _t\r(Eugene,)_S 64 _t\r("The)_S 64 _t\r(Computer)_S 64 _t\r(Incident)_S 64 _t\r(Advisory)_S 64 _t\r(Capability)_S 64 _t\r(\(CIAC\),")_S 2574 11373 _m\r
/Times-ItalicR 580 _ff\r
(Center)_S 64 _t\r(for)_S 64 _t\r(Computer)_S 64 _t\r(Security)_S 64 _t\r(News)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(Vol.)_S 64 _t\r(8,)_S 64 _t\r(1989.)_S 1020 10828 _m\r
([SCHULTZ90])_S 2574 10828 _m\r
(Schultz,)_S 64 _t\r(E.)_S 64 _t\r(Eugene,)_S 64 _t\r(Brown,)_S 64 _t\r(David,)_S 64 _t\r(and)_S 64 _t\r(Longstaff,)_S 64 _t\r(Thomas,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Responding)_S 64 _t\r(to)_S 2574 10623 _m\r
(Computer)_S 64 _t\r(Security)_S 64 _t\r(Incidents:)_S 64 _t\r(Guidelines)_S 64 _t\r(for)_S 64 _t\r(Incident)_S 64 _t\r(Handling)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(University)_S 64 _t\r(of)_S 2574 10420 _m\r
(California)_S 64 _t\r(Technical)_S 64 _t\r(Report)_S 64 _t\r(UCRL-104689,)_S 64 _t\r(1990.)_S 1020 9876 _m\r
([STEINBERG89])_S 2574 9876 _m\r
(Steinberg,)_S 64 _t\r(Tad,)_S 64 _t\r("Developing)_S 64 _t\r(a)_S 64 _t\r(Computer)_S 64 _t\r(Security)_S 64 _t\r(Charter,")_S 64 _t\r/Times-ItalicR 580 _ff\r
(Security,)_S 64 _t\r(Audit,)_S 2574 9671 _m\r
(and)_S 64 _t\r(Control)_S 64 _t\r(Review)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(Vol.)_S 64 _t\r(6)_S 64 _t\r(No.)_S 64 _t\r(4,)_S 64 _t\r(ACM)_S 64 _t\r(SIGSAC,)_S 64 _t\r(Winter)_S 64 _t\r(1989.)_S 1020 9126 _m\r
([STEWART89])_S 2574 9126 _m\r
(Stewart,)_S 64 _t\r(Geoffrey,)_S 64 _t\r(and)_S 64 _t\r(Sylvester,)_S 64 _t\r(David,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Potential)_S 64 _t\r(Liabilities)_S 64 _t\r(of)_S 64 _t\r(Computer)_S 2574 8921 _m\r
(Security)_S 64 _t\r(Response)_S 64 _t\r(Centers)_S 64 _t\r(Arising)_S 64 _t\r(from)_S 64 _t\r(Notification)_S 64 _t\r(to)_S 64 _t\r(Publishers)_S 64 _t\r(and)_S 64 _t\r(Users)_S 2574 8718 _m\r
(of)_S 64 _t\r(Security)_S 64 _t\r(Deficiencies)_S 64 _t\r(in)_S 64 _t\r(Software)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(December,)_S 64 _t\r(1989.)_S 1020 8173 _m\r
([WCSIR91])_S 2574 8173 _m\r
/Times-ItalicR 580 _ff\r
(Proceedings)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(Third)_S 64 _t\r(Invitational)_S 64 _t\r(Workshop)_S 64 _t\r(on)_S 64 _t\r(Computer)_S 64 _t\r(Security)_S 64 _t\r(Inci-)_S 2574 7968 _m\r
(dent)_S 64 _t\r(Response)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(August,)_S 64 _t\r(1991.)_S 4823 893 _m\r
(32)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
/HelveticaR 900 _ff\r
7489 12220 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /HelveticaR 900 _ff\r
1380 11483 _m\r
/Helvetica-BoldR 900 _ff\r
(Appendix)_S 100 _t\r(A.)_S 100 _t\r(Annotated)_S 100 _t\r(Bibliography)_S 1831 10773 _m\r
/Times-RomanR 580 _ff\r
(This)_S 64 _t\r(section)_S 64 _t\r(consists)_S 64 _t\r(of)_S 64 _t\r(an)_S 64 _t\r(annotated)_S 64 _t\r(list)_S 64 _t\r(of)_S 64 _t\r(selected)_S 64 _t\r(works)_S 64 _t\r(dealing)_S 64 _t\r(with)_S 64 _t\r(incident)_S 64 _t\r(handling.)_S 64 _t\r1380 10502 _m\r
(Where)_S 64 _t\r(noted,)_S 64 _t\r(some)_S 64 _t\r(works)_S 64 _t\r(are)_S 64 _t\r(available)_S 64 _t\r(from)_S 64 _t\r(NIST)_S 64 _t\r(in)_S 64 _t\r(electronic)_S 64 _t\r(form)_S 64 _t\r(for)_S 64 _t\r(users)_S 64 _t\r(with)_S 64 _t\r(a)_S 64 _t\r(modem)_S 1380 10231 _m\r
(and)_S 64 _t\r(communications)_S 64 _t\r(software)_S 64 _t\r(or)_S 64 _t\r(for)_S 64 _t\r(Internet)_S 64 _t\r(users;)_S 64 _t\r(refer)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(end)_S 64 _t\r(of)_S 64 _t\r(this)_S 64 _t\r(section)_S 64 _t\r(for)_S 64 _t\r(details.)_S 64 _t\r1380 9958 _m\r
(Some)_S 64 _t\r(references)_S 64 _t\r(are)_S 64 _t\r(from)_S 64 _t\r(RFC)_S 64 _t\r(1244,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Security)_S 64 _t\r(Policy)_S 64 _t\r(Handbook)_S /Times-RomanR 580 _ff\r
(;)_S 64 _t\r(see)_S 64 _t\r([HOLBROOK91].)_S 1380 9413 _m\r
([BRAND89])_S 64 _t\r(Brand,)_S 64 _t\r(Russell,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Coping)_S 64 _t\r(With)_S 64 _t\r(the)_S 64 _t\r(Threat)_S 64 _t\r(of)_S 64 _t\r(Computer)_S 64 _t\r(Security)_S 64 _t\r(Incidents:)_S 64 _t\r(A)_S 64 _t\r(Primer)_S 1380 9208 _m\r
(from)_S 64 _t\r(Prevention)_S 64 _t\r(through)_S 64 _t\r(Recovery)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(July,)_S 64 _t\r(1989.)_S 1831 8936 _m\r
(Contains)_S 64 _t\r(a)_S 64 _t\r(wide)_S 64 _t\r(range)_S 64 _t\r(of)_S 64 _t\r(guidance)_S 64 _t\r(regarding)_S 64 _t\r(incident)_S 64 _t\r(handling,)_S 64 _t\r(but)_S 64 _t\r(oriented)_S 64 _t\r(mostly)_S 64 _t\r(towards)_S 1831 8665 _m\r
(technical)_S 64 _t\r(issues.)_S 128 _t\r(Has)_S 64 _t\r(advice)_S 64 _t\r(in)_S 64 _t\r(particular)_S 64 _t\r(for)_S 64 _t\r(UNIX)_S 64 _t\r(and)_S 64 _t\r(VAX/VMS)_S 64 _t\r(managers.)_S 128 _t\r(This)_S 64 _t\r(guide)_S 1831 8394 _m\r
(is)_S 64 _t\r(recommended)_S 64 _t\r(for)_S 64 _t\r(anyone)_S 64 _t\r(involved)_S 64 _t\r(in)_S 64 _t\r(incident)_S 64 _t\r(handling.)_S 128 _t\r(In)_S 64 _t\r(draft)_S 64 _t\r(form,)_S 64 _t\r(available)_S 64 _t\r(via)_S 64 _t\r(the)_S 1831 8121 _m\r
(Internet)_S 64 _t\r(from)_S 64 _t\r/Times-ItalicR 580 _ff\r
(cert.sei.cmu.edu)_S /Times-RomanR 580 _ff\r
(.)_S 1380 7576 _m\r
(Cheswick,)_S 64 _t\r(B.,)_S 64 _t\r("The)_S 64 _t\r(Design)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(Secure)_S 64 _t\r(Internet)_S 64 _t\r(Gateway,")_S 64 _t\r/Times-ItalicR 580 _ff\r
(Proceedings)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(Summer)_S 64 _t\r(Usenix)_S 1380 7371 _m\r
(Conference)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(Anaheim,)_S 64 _t\r(CA,)_S 64 _t\r(June,)_S 64 _t\r(1990.)_S 1831 7099 _m\r
(Brief)_S 64 _t\r(abstract)_S 64 _t\r(\(slight)_S 64 _t\r(paraphrase)_S 64 _t\r(from)_S 64 _t\r(the)_S 64 _t\r(original)_S 64 _t\r(abstract\):)_S 64 _t\r(AT&T)_S 64 _t\r(maintains)_S 64 _t\r(a)_S 64 _t\r(large)_S 64 _t\r(inter-)_S 1831 6828 _m\r
(nal)_S 64 _t\r(Internet)_S 64 _t\r(that)_S 64 _t\r(needs)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(protected)_S 64 _t\r(from)_S 64 _t\r(outside)_S 64 _t\r(attacks,)_S 64 _t\r(while)_S 64 _t\r(providing)_S 64 _t\r(useful)_S 64 _t\r(services)_S 1831 6557 _m\r
(between)_S 64 _t\r(the)_S 64 _t\r(two.)_S 128 _t\r(This)_S 64 _t\r(paper)_S 64 _t\r(describes)_S 64 _t\r(AT&T's)_S 64 _t\r(Internet)_S 64 _t\r(gateway.)_S 128 _t\r(This)_S 64 _t\r(gateway)_S 64 _t\r(passes)_S 1831 6286 _m\r
(mail)_S 64 _t\r(and)_S 64 _t\r(many)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(common)_S 64 _t\r(Internet)_S 64 _t\r(services)_S 64 _t\r(between)_S 64 _t\r(AT&T)_S 64 _t\r(internal)_S 64 _t\r(machines)_S 64 _t\r(and)_S 64 _t\r(the)_S 1831 6015 _m\r
(Internet.)_S 128 _t\r(This)_S 64 _t\r(is)_S 64 _t\r(accomplished)_S 64 _t\r(without)_S 64 _t\r(IP)_S 64 _t\r(connectivity)_S 64 _t\r(using)_S 64 _t\r(a)_S 64 _t\r(pair)_S 64 _t\r(of)_S 64 _t\r(machines:)_S 64 _t\r(a)_S 64 _t\r(trusted)_S 1831 5744 _m\r
(internal)_S 64 _t\r(machine)_S 64 _t\r(and)_S 64 _t\r(an)_S 64 _t\r(untrusted)_S 64 _t\r(external)_S 64 _t\r(gateway.)_S 64 _t\r(This)_S 64 _t\r(configuration)_S 64 _t\r(helps)_S 64 _t\r(protect)_S 64 _t\r(the)_S 1831 5473 _m\r
(internal)_S 64 _t\r(internet)_S 64 _t\r(even)_S 64 _t\r(if)_S 64 _t\r(the)_S 64 _t\r(external)_S 64 _t\r(machine)_S 64 _t\r(is)_S 64 _t\r(fully)_S 64 _t\r(compromised.)_S 128 _t\r(Available)_S 64 _t\r(via)_S 64 _t\r(the)_S 64 _t\r(Inter-)_S 1831 5200 _m\r
(net)_S 64 _t\r(from)_S 64 _t\r/Times-ItalicR 580 _ff\r
(research.att.com)_S /Times-RomanR 580 _ff\r
(.)_S 1380 4655 _m\r
(Courtney,)_S 64 _t\r(Robert,)_S 64 _t\r(Jr.,)_S 64 _t\r("Proper)_S 64 _t\r(Assignment)_S 64 _t\r(of)_S 64 _t\r(Responsibility)_S 64 _t\r(for)_S 64 _t\r(Data)_S 64 _t\r(Security,")_S 64 _t\r/Times-ItalicR 580 _ff\r
(Computers)_S 64 _t\r(and)_S 1380 4450 _m\r
(Security)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(Volume)_S 64 _t\r(7)_S 64 _t\r(#1,)_S 64 _t\r(February,)_S 64 _t\r(1988.)_S 1831 4178 _m\r
(Brief)_S 64 _t\r(abstract:)_S 64 _t\r("An)_S 64 _t\r(analysis)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(data)_S 64 _t\r(security)_S 64 _t\r(responsibilities)_S 64 _t\r(within)_S 64 _t\r(an)_S 64 _t\r(organization)_S 64 _t\r(is)_S 1831 3907 _m\r
(presented.)_S 128 _t\r(It)_S 64 _t\r(is)_S 64 _t\r(proposed)_S 64 _t\r(that)_S 64 _t\r(DP)_S 64 _t\r(management)_S 64 _t\r(should)_S 64 _t\r(not)_S 64 _t\r(have)_S 64 _t\r(total)_S 64 _t\r(responsibility,)_S 64 _t\r(but)_S 64 _t\r(that)_S 1831 3636 _m\r
(this)_S 64 _t\r(should)_S 64 _t\r(be)_S 64 _t\r(shared)_S 64 _t\r(by)_S 64 _t\r(staff)_S 64 _t\r(in)_S 64 _t\r(the)_S 64 _t\r(functional)_S 64 _t\r(areas)_S 64 _t\r(to)_S 64 _t\r(ensure)_S 64 _t\r(cost-effectiveness)_S 64 _t\r(and)_S 64 _t\r(viabil-)_S 1831 3365 _m\r
(ity.")_S 128 _t\r(The)_S 64 _t\r(author)_S 64 _t\r(recommends)_S 64 _t\r(creation)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(Computer)_S 64 _t\r(Security)_S 64 _t\r(Competence)_S 64 _t\r(Center)_S 64 _t\r(that)_S 64 _t\r(has)_S 1831 3094 _m\r
(some)_S 64 _t\r(parallels)_S 64 _t\r(to)_S 64 _t\r(a)_S 64 _t\r(CSIRC,)_S 64 _t\r(especially)_S 64 _t\r(in)_S 64 _t\r(administration)_S 64 _t\r(of)_S 64 _t\r(security)_S 64 _t\r(and)_S 64 _t\r(user)_S 64 _t\r(awareness.)_S 1380 2550 _m\r
(Curry,)_S 64 _t\r(David,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Improving)_S 64 _t\r(the)_S 64 _t\r(Security)_S 64 _t\r(of)_S 64 _t\r(Your)_S 64 _t\r(UNIX)_S 64 _t\r(System)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(SRI)_S 64 _t\r(International)_S 64 _t\r(Report)_S 1380 2347 _m\r
(ITSTD-721-FR-90-21,)_S 64 _t\r(April)_S 64 _t\r(1990.)_S 1831 2076 _m\r
(A)_S 64 _t\r(practical)_S 64 _t\r(guide)_S 64 _t\r(to)_S 64 _t\r(improving)_S 64 _t\r(UNIX)_S 64 _t\r(system)_S 64 _t\r(security)_S 64 _t\r(that)_S 64 _t\r(lays)_S 64 _t\r(out)_S 64 _t\r(a)_S 64 _t\r(number)_S 64 _t\r(of)_S 64 _t\r(vulnerabili-)_S 1831 1805 _m\r
(ties)_S 64 _t\r(and)_S 64 _t\r(methods)_S 64 _t\r(for)_S 64 _t\r(improving)_S 64 _t\r(monitoring)_S 64 _t\r(and)_S 64 _t\r(detecting)_S 64 _t\r(threats.)_S 128 _t\r(Contains)_S 64 _t\r(a)_S 64 _t\r(number)_S 64 _t\r(of)_S 1831 1534 _m\r
(good)_S 64 _t\r(references)_S 64 _t\r(to)_S 64 _t\r(other)_S 64 _t\r(sources)_S 64 _t\r(of)_S 64 _t\r(information.)_S 128 _t\r(Available)_S 64 _t\r(on-line)_S 64 _t\r(from)_S 64 _t\r(NIST.)_S 5183 893 _m\r
(33)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
1020 12223 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
1020 11576 _m\r
(Denning,)_S 64 _t\r(Peter,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Computers)_S 64 _t\r(Under)_S 64 _t\r(Attack:)_S 64 _t\r(Intruders,)_S 64 _t\r(Worms,)_S 64 _t\r(and)_S 64 _t\r(Viruses)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(ACM)_S 64 _t\r(Press,)_S 64 _t\r(1990.)_S 1471 11304 _m\r
(A)_S 64 _t\r(collection)_S 64 _t\r(of)_S 64 _t\r(40)_S 64 _t\r(pieces)_S 64 _t\r(divided)_S 64 _t\r(into)_S 64 _t\r(six)_S 64 _t\r(sections:)_S 64 _t\r(the)_S 64 _t\r(emergence)_S 64 _t\r(of)_S 64 _t\r(worldwide)_S 64 _t\r(computer)_S 1471 11033 _m\r
(networks,)_S 64 _t\r(electronic)_S 64 _t\r(breakins,)_S 64 _t\r(worms,)_S 64 _t\r(viruses,)_S 64 _t\r(counterculture)_S 64 _t\r(\(articles)_S 64 _t\r(examining)_S 64 _t\r(the)_S 64 _t\r(world)_S 1471 10762 _m\r
(of)_S 64 _t\r(the)_S 64 _t\r("hacker"\),)_S 64 _t\r(and)_S 64 _t\r(finally)_S 64 _t\r(a)_S 64 _t\r(section)_S 64 _t\r(discussing)_S 64 _t\r(social,)_S 64 _t\r(legal,)_S 64 _t\r(and)_S 64 _t\r(ethical)_S 64 _t\r(considerations.)_S 1020 10218 _m\r
([FEDELI91])_S 64 _t\r(Fedeli,)_S 64 _t\r(Alan,)_S 64 _t\r("Organizing)_S 64 _t\r(a)_S 64 _t\r(Corporate)_S 64 _t\r(Anti-Virus)_S 64 _t\r(Effort,")_S 64 _t\r/Times-ItalicR 580 _ff\r
(Proceedings)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(Third)_S 1020 10013 _m\r
(Annual)_S 64 _t\r(Computer)_S 64 _t\r(VIRUS)_S 64 _t\r(Clinic)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(Nationwide)_S 64 _t\r(Computer)_S 64 _t\r(Corp.,)_S 64 _t\r(March,)_S 64 _t\r(1990.)_S 1471 9741 _m\r
(Discusses)_S 64 _t\r(IBM's)_S 64 _t\r(approach)_S 64 _t\r(in)_S 64 _t\r(organizing)_S 64 _t\r(their)_S 64 _t\r(computer)_S 64 _t\r(virus)_S 64 _t\r(incident)_S 64 _t\r(handling)_S 64 _t\r(procedures.)_S 64 _t\r1471 9470 _m\r
(Contains)_S 64 _t\r(mostly)_S 64 _t\r(management)_S 64 _t\r(issues)_S 64 _t\r(involved)_S 64 _t\r(in)_S 64 _t\r(establishing)_S 64 _t\r(the)_S 64 _t\r(incident)_S 64 _t\r(handling)_S 64 _t\r(center,)_S 1471 9199 _m\r
(locating)_S 64 _t\r(it)_S 64 _t\r(within)_S 64 _t\r(existing)_S 64 _t\r(organizational)_S 64 _t\r(structures,)_S 64 _t\r(and)_S 64 _t\r(initial)_S 64 _t\r(steps)_S 64 _t\r(in)_S 64 _t\r(operating)_S 64 _t\r(the)_S 64 _t\r(center.)_S 64 _t\r1471 8928 _m\r
(This)_S 64 _t\r(document)_S 64 _t\r(contains)_S 64 _t\r(much)_S 64 _t\r(useful)_S 64 _t\r(guidance)_S 64 _t\r(and)_S 64 _t\r(is)_S 64 _t\r(highly)_S 64 _t\r(recommended.)_S 128 _t\r(Available)_S 64 _t\r(on-)_S 1471 8657 _m\r
(line)_S 64 _t\r(from)_S 64 _t\r(NIST.)_S 1020 8113 _m\r
(Fites,)_S 64 _t\r(M.,)_S 64 _t\r(Kratz,)_S 64 _t\r(P.,)_S 64 _t\r(and)_S 64 _t\r(Brebner,)_S 64 _t\r(A.,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Control)_S 64 _t\r(and)_S 64 _t\r(Security)_S 64 _t\r(of)_S 64 _t\r(Computer)_S 64 _t\r(Information)_S 64 _t\r(Systems)_S /Times-RomanR 580 _ff\r
(,)_S 1020 7910 _m\r
(Computer)_S 64 _t\r(Science)_S 64 _t\r(Press,)_S 64 _t\r(1989.)_S 1471 7639 _m\r
(This)_S 64 _t\r(book)_S 64 _t\r(serves)_S 64 _t\r(as)_S 64 _t\r(a)_S 64 _t\r(good)_S 64 _t\r(guide)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(issues)_S 64 _t\r(encountered)_S 64 _t\r(in)_S 64 _t\r(forming)_S 64 _t\r(computer)_S 64 _t\r(security)_S 1471 7368 _m\r
(policies)_S 64 _t\r(and)_S 64 _t\r(procedures.)_S 128 _t\r(The)_S 64 _t\r(book)_S 64 _t\r(is)_S 64 _t\r(particularly)_S 64 _t\r(notable)_S 64 _t\r(for)_S 64 _t\r(its)_S 64 _t\r(straight-forward)_S 64 _t\r(approach)_S 1471 7097 _m\r
(to)_S 64 _t\r(security,)_S 64 _t\r(emphasizing)_S 64 _t\r(that)_S 64 _t\r(common)_S 64 _t\r(sense)_S 64 _t\r(is)_S 64 _t\r(the)_S 64 _t\r(first)_S 64 _t\r(consideration)_S 64 _t\r(in)_S 64 _t\r(designing)_S 64 _t\r(a)_S 64 _t\r(security)_S 1471 6826 _m\r
(program.)_S 128 _t\r(The)_S 64 _t\r(authors)_S 64 _t\r(note)_S 64 _t\r(that)_S 64 _t\r(there)_S 64 _t\r(is)_S 64 _t\r(a)_S 64 _t\r(tendency)_S 64 _t\r(to)_S 64 _t\r(look)_S 64 _t\r(to)_S 64 _t\r(more)_S 64 _t\r(technical)_S 64 _t\r(solutions)_S 64 _t\r(to)_S 1471 6555 _m\r
(security)_S 64 _t\r(problems)_S 64 _t\r(while)_S 64 _t\r(overlooking)_S 64 _t\r(organizational)_S 64 _t\r(controls)_S 64 _t\r(which)_S 64 _t\r(are)_S 64 _t\r(often)_S 64 _t\r(less)_S 64 _t\r(expensive)_S 1471 6284 _m\r
(and)_S 64 _t\r(more)_S 64 _t\r(effective.)_S 1020 5740 _m\r
([GAO89])_S 64 _t\r(U.S.)_S 64 _t\r(General)_S 64 _t\r(Accounting)_S 64 _t\r(Office,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Computer)_S 64 _t\r(Security)_S 64 _t\r(-)_S 64 _t\r(Virus)_S 64 _t\r(Highlights)_S 64 _t\r(Need)_S 64 _t\r(for)_S 64 _t\r(Im-)_S 1020 5535 _m\r
(proved)_S 64 _t\r(Internet)_S 64 _t\r(Management)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(United)_S 64 _t\r(Stated)_S 64 _t\r(General)_S 64 _t\r(Accounting)_S 64 _t\r(Office,)_S 64 _t\r(Washington,)_S 64 _t\r(DC,)_S 64 _t\r(1989.)_S 1471 5263 _m\r
(This)_S 64 _t\r(paper,)_S 64 _t\r(a)_S 64 _t\r(General)_S 64 _t\r(Accounting)_S 64 _t\r(Office)_S 64 _t\r(Report,)_S 64 _t\r(contains)_S 64 _t\r(much)_S 64 _t\r(useful)_S 64 _t\r(information)_S 64 _t\r(regard-)_S 1471 4992 _m\r
(ing)_S 64 _t\r(the)_S 64 _t\r(Internet,)_S 64 _t\r(the)_S 64 _t\r(Internet)_S 64 _t\r(worm,)_S 64 _t\r(common)_S 64 _t\r(vulnerabilities,)_S 64 _t\r(and)_S 64 _t\r(computer)_S 64 _t\r(viruses.)_S 128 _t\r(It)_S 64 _t\r(con-)_S 1471 4721 _m\r
(tains)_S 64 _t\r(a)_S 64 _t\r(number)_S 64 _t\r(of)_S 64 _t\r(recommendations)_S 64 _t\r(for)_S 64 _t\r(improving)_S 64 _t\r(system)_S 64 _t\r(management)_S 64 _t\r(and)_S 64 _t\r(communications)_S 1471 4450 _m\r
(between)_S 64 _t\r(vendors)_S 64 _t\r(and)_S 64 _t\r(system)_S 64 _t\r(managers)_S 64 _t\r(as)_S 64 _t\r(regards)_S 64 _t\r(bug)_S 64 _t\r(reports)_S 64 _t\r(and)_S 64 _t\r(fixes.)_S 128 _t\r(Some)_S 64 _t\r(legal)_S 64 _t\r(issues)_S 1471 4179 _m\r
(regarding)_S 64 _t\r(prosecution)_S 64 _t\r(are)_S 64 _t\r(discussed.)_S 128 _t\r(Available)_S 64 _t\r(on-line)_S 64 _t\r(from)_S 64 _t\r(NIST.)_S 1020 3635 _m\r
(Garfinkel,)_S 64 _t\r(Simson,)_S 64 _t\r(and)_S 64 _t\r(Spafford,)_S 64 _t\r(Eugene,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Practical)_S 64 _t\r(UNIX)_S 64 _t\r(Security)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(O'Reilly)_S 64 _t\r(&)_S 64 _t\r(Associates,)_S 64 _t\r(Inc.,)_S 1020 3432 _m\r
(1991.)_S 1471 3161 _m\r
(A)_S 64 _t\r(comprehensive)_S 64 _t\r(guide)_S 64 _t\r(to)_S 64 _t\r(UNIX)_S 64 _t\r(security;)_S 64 _t\r(an)_S 64 _t\r(important)_S 64 _t\r(source)_S 64 _t\r(for)_S 64 _t\r(UNIX)_S 64 _t\r(sites)_S 64 _t\r(that)_S 64 _t\r(are)_S 64 _t\r(at-)_S 1471 2890 _m\r
(tached)_S 64 _t\r(to)_S 64 _t\r(UUCP)_S 64 _t\r(networks)_S 64 _t\r(or)_S 64 _t\r(the)_S 64 _t\r(Internet.)_S 128 _t\r(The)_S 64 _t\r(book)_S 64 _t\r(contains)_S 64 _t\r(some)_S 64 _t\r(guidance)_S 64 _t\r(regarding)_S 1471 2619 _m\r
(incident)_S 64 _t\r(handling:)_S 64 _t\r(detecting)_S 64 _t\r(signs)_S 64 _t\r(of)_S 64 _t\r(unauthorized)_S 64 _t\r(activity)_S 64 _t\r(and)_S 64 _t\r(subsequent)_S 64 _t\r(steps)_S 64 _t\r(to)_S 64 _t\r(take.)_S 4823 893 _m\r
(34)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
7489 12220 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
1380 11571 _m\r
(Hafner,)_S 64 _t\r(Katie,)_S 64 _t\r(and)_S 64 _t\r(Markoff,)_S 64 _t\r(John,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Cyperpunk)_S 64 _t\r(-)_S 64 _t\r(Outlaws)_S 64 _t\r(and)_S 64 _t\r(Hackers)_S 64 _t\r(on)_S 64 _t\r(the)_S 64 _t\r(Computer)_S 64 _t\r(Frontier)_S /Times-RomanR 580 _ff\r
(,)_S 1380 11368 _m\r
(Simon)_S 64 _t\r(and)_S 64 _t\r(Schuster,)_S 64 _t\r(1991.)_S 1831 11097 _m\r
(Entertaining)_S 64 _t\r(and)_S 64 _t\r(useful)_S 64 _t\r(reading)_S 64 _t\r(for)_S 64 _t\r(insights)_S 64 _t\r(into)_S 64 _t\r(computer)_S 64 _t\r(hacking.)_S 128 _t\r(The)_S 64 _t\r(book)_S 64 _t\r(contains)_S 64 _t\r(case)_S 1831 10826 _m\r
(studies)_S 64 _t\r(of)_S 64 _t\r(Kevin)_S 64 _t\r(Mitnick,)_S 64 _t\r(a)_S 64 _t\r(noted)_S 64 _t\r(telephone)_S 64 _t\r(hacker,)_S 64 _t\r(Pengo,)_S 64 _t\r(a)_S 64 _t\r(West)_S 64 _t\r(German)_S 64 _t\r(who)_S 64 _t\r(offered)_S 64 _t\r(his)_S 1831 10555 _m\r
(hacking)_S 64 _t\r(services)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(Soviet)_S 64 _t\r(Government,)_S 64 _t\r(and)_S 64 _t\r(Robert)_S 64 _t\r(Morris)_S 64 _t\r(Jr.,,)_S 64 _t\r(a)_S 64 _t\r(student)_S 64 _t\r(who)_S 64 _t\r(wrote)_S 64 _t\r(the)_S 1831 10284 _m\r
("Internet)_S 64 _t\r(Worm")_S 64 _t\r(program.)_S 128 _t\r(The)_S 64 _t\r(book)_S 64 _t\r(alerts)_S 64 _t\r(readers)_S 64 _t\r(as)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(extent)_S 64 _t\r(to)_S 64 _t\r(which)_S 64 _t\r(society)_S 64 _t\r(is)_S 1831 10013 _m\r
(dependent)_S 64 _t\r(on)_S 64 _t\r(computers)_S 64 _t\r(and)_S 64 _t\r(how)_S 64 _t\r(fragile)_S 64 _t\r(the)_S 64 _t\r(computer)_S 64 _t\r(safeguards)_S 64 _t\r(are.)_S 1380 9469 _m\r
([HANSEN90])_S 64 _t\r(Hansen,)_S 64 _t\r(Steve,)_S 64 _t\r("Legal)_S 64 _t\r(Issues:)_S 64 _t\r(A)_S 64 _t\r(Site)_S 64 _t\r(Manager's)_S 64 _t\r(Nightmare,")_S 64 _t\r/Times-ItalicR 580 _ff\r
(Proceedings)_S 64 _t\r(of)_S 64 _t\r(the)_S 1380 9264 _m\r
(Second)_S 64 _t\r(Invitational)_S 64 _t\r(Workshop)_S 64 _t\r(on)_S 64 _t\r(Computer)_S 64 _t\r(Security)_S 64 _t\r(Incident)_S 64 _t\r(Response)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(June,)_S 64 _t\r(1990.)_S 1831 8992 _m\r
(This)_S 64 _t\r(paper)_S 64 _t\r(details)_S 64 _t\r(some)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(legal)_S 64 _t\r(issues)_S 64 _t\r(involved)_S 64 _t\r(in)_S 64 _t\r(incident)_S 64 _t\r(handling,)_S 64 _t\r(especially)_S 64 _t\r(in)_S 64 _t\r(log-)_S 1831 8721 _m\r
(ging)_S 64 _t\r(electronic)_S 64 _t\r(information.)_S 128 _t\r(The)_S 64 _t\r(paper)_S 64 _t\r(focuses)_S 64 _t\r(on)_S 64 _t\r(the)_S 64 _t\r(Federal)_S 64 _t\r(Electronic)_S 64 _t\r(Communications)_S 1831 8450 _m\r
(Act)_S 64 _t\r(of)_S 64 _t\r(1986)_S 64 _t\r(and)_S 64 _t\r(some)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(ambiguities)_S 64 _t\r(and)_S 64 _t\r(ethics)_S 64 _t\r(involved)_S 64 _t\r(in)_S 64 _t\r(interpreting)_S 64 _t\r(the)_S 64 _t\r(law)_S 64 _t\r(and)_S 1831 8179 _m\r
(monitoring)_S 64 _t\r(user)_S 64 _t\r(activity.)_S 128 _t\r(Available)_S 64 _t\r(on-line)_S 64 _t\r(from)_S 64 _t\r(NIST.)_S 1380 7635 _m\r
(Hoffman,)_S 64 _t\r(Lance,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Rogue)_S 64 _t\r(Programs:)_S 64 _t\r(Viruses,)_S 64 _t\r(Worms,)_S 64 _t\r(and)_S 64 _t\r(Trojan)_S 64 _t\r(Horses)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(Van)_S 64 _t\r(Nostrand)_S 64 _t\r(Reinhold,)_S 1380 7432 _m\r
(1990.)_S 1831 7161 _m\r
(A)_S 64 _t\r(collection)_S 64 _t\r(of)_S 64 _t\r(papers)_S 64 _t\r(and)_S 64 _t\r(excerpts)_S 64 _t\r(from)_S 64 _t\r(publications)_S 64 _t\r(regarding)_S 64 _t\r(computer)_S 64 _t\r(viruses)_S 64 _t\r(and)_S 64 _t\r(relat-)_S 1831 6890 _m\r
(ed)_S 64 _t\r(threats.)_S 128 _t\r(Recommended)_S 64 _t\r(for)_S 64 _t\r(its)_S 64 _t\r(thoroughness)_S 64 _t\r(and)_S 64 _t\r(broad)_S 64 _t\r(scope.)_S 1380 6346 _m\r
([HOLBROOK91])_S 64 _t\r(Holbrook,)_S 64 _t\r(Paul,)_S 64 _t\r(and)_S 64 _t\r(Reynolds,)_S 64 _t\r(Joyce,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Security)_S 64 _t\r(Policy)_S 64 _t\r(Handbook)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(RFC)_S 64 _t\r(1244)_S 1380 6143 _m\r
(prepared)_S 64 _t\r(for)_S 64 _t\r(the)_S 64 _t\r(Internet)_S 64 _t\r(Engineering)_S 64 _t\r(Task)_S 64 _t\r(Force,)_S 64 _t\r(1991.)_S 1831 5872 _m\r
(A)_S 64 _t\r(highly)_S 64 _t\r(useful)_S 64 _t\r(paper,)_S 64 _t\r(prepared)_S 64 _t\r(as)_S 64 _t\r(an)_S 64 _t\r(Internet)_S 64 _t\r(Request)_S 64 _t\r(For)_S 64 _t\r(Comments)_S 64 _t\r(\(RFC\).)_S 128 _t\r(Although)_S 1831 5601 _m\r
(this)_S 64 _t\r(paper)_S 64 _t\r(is)_S 64 _t\r(oriented)_S 64 _t\r(towards)_S 64 _t\r(sites)_S 64 _t\r(connected)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(Internet,)_S 64 _t\r(much)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(information)_S 64 _t\r(is)_S 1831 5330 _m\r
(equally)_S 64 _t\r(applicable)_S 64 _t\r(to)_S 64 _t\r(other)_S 64 _t\r(system)_S 64 _t\r(and)_S 64 _t\r(network)_S 64 _t\r(environments.)_S 128 _t\r(It)_S 64 _t\r(contains)_S 64 _t\r(useful)_S 64 _t\r(informa-)_S 1831 5059 _m\r
(tion)_S 64 _t\r(regarding)_S 64 _t\r(basic)_S 64 _t\r(security)_S 64 _t\r(procedures,)_S 64 _t\r(incident)_S 64 _t\r(response,)_S 64 _t\r(and)_S 64 _t\r(legal)_S 64 _t\r(issues.)_S 128 _t\r(A)_S 64 _t\r(detailed)_S 1831 4788 _m\r
(bibliography)_S 64 _t\r(is)_S 64 _t\r(included.)_S 128 _t\r(This)_S 64 _t\r(paper)_S 64 _t\r(is)_S 64 _t\r(highly)_S 64 _t\r(recommended)_S 64 _t\r(for)_S 64 _t\r(its)_S 64 _t\r(discussion)_S 64 _t\r(of)_S 64 _t\r(manage-)_S 1831 4517 _m\r
(ment)_S 64 _t\r(and)_S 64 _t\r(technical)_S 64 _t\r(issues)_S 64 _t\r(involved)_S 64 _t\r(in)_S 64 _t\r(incident)_S 64 _t\r(response.)_S 128 _t\r(Available)_S 64 _t\r(on-line)_S 64 _t\r(from)_S 64 _t\r(NIST.)_S 1380 3973 _m\r
(National)_S 64 _t\r(Institute)_S 64 _t\r(of)_S 64 _t\r(Standards)_S 64 _t\r(and)_S 64 _t\r(Technology,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Bibliography)_S 64 _t\r(of)_S 64 _t\r(Selected)_S 64 _t\r(Computer)_S 64 _t\r(Security)_S 1380 3768 _m\r
(Publications)_S 64 _t\r(January)_S 64 _t\r(1980)_S 64 _t\r(-)_S 64 _t\r(October)_S 64 _t\r(1989)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(NIST)_S 64 _t\r(Special)_S 64 _t\r(Publication)_S 64 _t\r(800-1,)_S 64 _t\r(December,)_S 64 _t\r(1990.)_S 1831 3496 _m\r
(This)_S 64 _t\r(bibliography)_S 64 _t\r(cites)_S 64 _t\r(selected)_S 64 _t\r(books)_S 64 _t\r(and)_S 64 _t\r(articles)_S 64 _t\r(on)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(published)_S 64 _t\r(from)_S 1831 3225 _m\r
(January)_S 64 _t\r(1980)_S 64 _t\r(through)_S 64 _t\r(October)_S 64 _t\r(1989.)_S 128 _t\r(To)_S 64 _t\r(have)_S 64 _t\r(been)_S 64 _t\r(selected,)_S 64 _t\r(an)_S 64 _t\r(article)_S 64 _t\r(had)_S 64 _t\r(to)_S 64 _t\r(be)_S 64 _t\r(substantial)_S 1831 2954 _m\r
(in)_S 64 _t\r(content)_S 64 _t\r(and)_S 64 _t\r(have)_S 64 _t\r(been)_S 64 _t\r(published)_S 64 _t\r(in)_S 64 _t\r(professional)_S 64 _t\r(or)_S 64 _t\r(technical)_S 64 _t\r(journals,)_S 64 _t\r(magazines,)_S 64 _t\r(or)_S 1831 2683 _m\r
(conference)_S 64 _t\r(proceedings.)_S 128 _t\r(English)_S 64 _t\r(language)_S 64 _t\r(from)_S 64 _t\r(foreign)_S 64 _t\r(journals)_S 64 _t\r(were)_S 64 _t\r(included)_S 64 _t\r(as)_S 64 _t\r(available.)_S 64 _t\r1831 2412 _m\r
(A)_S 64 _t\r(category)_S 64 _t\r(of)_S 64 _t\r(pre-1980)_S 64 _t\r(publications)_S 64 _t\r(is)_S 64 _t\r(also)_S 64 _t\r(provided,)_S 64 _t\r(as)_S 64 _t\r(well)_S 64 _t\r(as)_S 64 _t\r(an)_S 64 _t\r(appendix)_S 64 _t\r(containing)_S 1831 2141 _m\r
(address)_S 64 _t\r(of)_S 64 _t\r(all)_S 64 _t\r(journals)_S 64 _t\r(and)_S 64 _t\r(magazines)_S 64 _t\r(referenced.)_S 128 _t\r(For)_S 64 _t\r(sale)_S 64 _t\r(by)_S 64 _t\r(the)_S 64 _t\r(U.S.)_S 64 _t\r(Government)_S 64 _t\r(Print-)_S 1831 1870 _m\r
(ing)_S 64 _t\r(Office,)_S 64 _t\r(Washington,)_S 64 _t\r(DC)_S 64 _t\r(20402,)_S 64 _t\r(\(202\))_S 64 _t\r(783-3238,)_S 64 _t\r(reference)_S 64 _t\r(#003-003-03060-1.)_S 128 _t\r(Avail-)_S 1831 1599 _m\r
(able)_S 64 _t\r(on-line)_S 64 _t\r(from)_S 64 _t\r(NIST.)_S 5183 893 _m\r
(35)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
1020 12223 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
1020 11576 _m\r
([PETHIA90])_S 64 _t\r(Pethia,)_S 64 _t\r(Rich,)_S 64 _t\r(and)_S 64 _t\r(van)_S 64 _t\r(Wyk,)_S 64 _t\r(Kenneth,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Computer)_S 64 _t\r(Emergency)_S 64 _t\r(Response)_S 64 _t\r(-)_S 64 _t\r(An)_S 64 _t\r(Interna-)_S 1020 11371 _m\r
(tional)_S 64 _t\r(Problem)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(1990.)_S 1471 11099 _m\r
(This)_S 64 _t\r(paper)_S 64 _t\r(describes)_S 64 _t\r(how)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(incidents)_S 64 _t\r(have)_S 64 _t\r(begun)_S 64 _t\r(to)_S 64 _t\r(become)_S 64 _t\r(international)_S 1471 10828 _m\r
(in)_S 64 _t\r(scope)_S 64 _t\r(due)_S 64 _t\r(to)_S 64 _t\r(networks.)_S 128 _t\r(The)_S 64 _t\r(paper)_S 64 _t\r(recommends)_S 64 _t\r(international)_S 64 _t\r(cooperation)_S 64 _t\r(in)_S 64 _t\r(dealing)_S 64 _t\r(with)_S 1471 10557 _m\r
(incidents)_S 64 _t\r(and)_S 64 _t\r(suggests)_S 64 _t\r(methods)_S 64 _t\r(by)_S 64 _t\r(which)_S 64 _t\r(individual)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(response)_S 64 _t\r(groups)_S 64 _t\r(can)_S 1471 10286 _m\r
(work)_S 64 _t\r(together)_S 64 _t\r(internationally)_S 64 _t\r(to)_S 64 _t\r(cope)_S 64 _t\r(with)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(incidents.)_S 128 _t\r(Available)_S 64 _t\r(via)_S 64 _t\r(the)_S 1471 10013 _m\r
(Internet)_S 64 _t\r(from)_S 64 _t\r/Times-ItalicR 580 _ff\r
(cert.sei.cmu.edu)_S /Times-RomanR 580 _ff\r
(.)_S 1020 9468 _m\r
(Pfleeger,)_S 64 _t\r(Charles,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Security)_S 64 _t\r(in)_S 64 _t\r(Computing)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(Prentice-Hall,)_S 64 _t\r(Englewood)_S 64 _t\r(Cliffs,)_S 64 _t\r(NJ,)_S 64 _t\r(1989.)_S 1471 9196 _m\r
(A)_S 64 _t\r(general)_S 64 _t\r(textbook)_S 64 _t\r(in)_S 64 _t\r(computer)_S 64 _t\r(security,)_S 64 _t\r(this)_S 64 _t\r(book)_S 64 _t\r(provides)_S 64 _t\r(an)_S 64 _t\r(excellent)_S 64 _t\r(and)_S 64 _t\r(very)_S 64 _t\r(readable)_S 1471 8925 _m\r
(introduction)_S 64 _t\r(to)_S 64 _t\r(classic)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(problems)_S 64 _t\r(and)_S 64 _t\r(solutions,)_S 64 _t\r(with)_S 64 _t\r(a)_S 64 _t\r(particular)_S 64 _t\r(emphasis)_S 1471 8654 _m\r
(on)_S 64 _t\r(encryption.)_S 128 _t\r(The)_S 64 _t\r(encryption)_S 64 _t\r(coverage)_S 64 _t\r(serves)_S 64 _t\r(as)_S 64 _t\r(a)_S 64 _t\r(good)_S 64 _t\r(introduction)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(subject.)_S 128 _t\r(Oth-)_S 1471 8383 _m\r
(er)_S 64 _t\r(topics)_S 64 _t\r(covered)_S 64 _t\r(include)_S 64 _t\r(building)_S 64 _t\r(secure)_S 64 _t\r(programs)_S 64 _t\r(and)_S 64 _t\r(systems,)_S 64 _t\r(security)_S 64 _t\r(of)_S 64 _t\r(database,)_S 64 _t\r(per-)_S 1471 8112 _m\r
(sonal)_S 64 _t\r(computer)_S 64 _t\r(security,)_S 64 _t\r(network)_S 64 _t\r(and)_S 64 _t\r(communications)_S 64 _t\r(security,)_S 64 _t\r(physical)_S 64 _t\r(security,)_S 64 _t\r(risk)_S 64 _t\r(anal-)_S 1471 7841 _m\r
(ysis)_S 64 _t\r(and)_S 64 _t\r(security)_S 64 _t\r(planning,)_S 64 _t\r(and)_S 64 _t\r(legal)_S 64 _t\r(and)_S 64 _t\r(ethical)_S 64 _t\r(issues.)_S 1020 7297 _m\r
([QUARTERM90])_S 64 _t\r(Quarterman,)_S 64 _t\r(John,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(The)_S 64 _t\r(Matrix)_S 64 _t\r(-)_S 64 _t\r(Computer)_S 64 _t\r(Networks)_S 64 _t\r(and)_S 64 _t\r(Conferencing)_S 64 _t\r(Systems)_S 1020 7092 _m\r
(Worldwide)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(Digital)_S 64 _t\r(Press,)_S 64 _t\r(1990.)_S 1471 6820 _m\r
(A)_S 64 _t\r(comprehensive)_S 64 _t\r(guide)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(world's)_S 64 _t\r(computer)_S 64 _t\r(networks)_S 64 _t\r(and)_S 64 _t\r(their)_S 64 _t\r(protocols.)_S 128 _t\r(A)_S 64 _t\r(useful)_S 1471 6549 _m\r
(source)_S 64 _t\r(of)_S 64 _t\r(information)_S 64 _t\r(for)_S 64 _t\r(sites)_S 64 _t\r(connected)_S 64 _t\r(to)_S 64 _t\r(networks.)_S 1020 6005 _m\r
([RISK91])_S 64 _t\r(National)_S 64 _t\r(Research)_S 64 _t\r(Council,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Computers)_S 64 _t\r(at)_S 64 _t\r(Risk)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(National)_S 64 _t\r(Academy)_S 64 _t\r(Press,)_S 64 _t\r(1991.)_S 1471 5733 _m\r
(This)_S 64 _t\r(document)_S 64 _t\r(presents)_S 64 _t\r(a)_S 64 _t\r(comprehensive)_S 64 _t\r(agenda)_S 64 _t\r(for)_S 64 _t\r(developing)_S 64 _t\r(nationwide)_S 64 _t\r(polices)_S 64 _t\r(and)_S 1471 5462 _m\r
(practices)_S 64 _t\r(for)_S 64 _t\r(computer)_S 64 _t\r(security.)_S 128 _t\r(It)_S 64 _t\r(contains)_S 64 _t\r(a)_S 64 _t\r(number)_S 64 _t\r(of)_S 64 _t\r(recommendations)_S 64 _t\r(that)_S 64 _t\r(address)_S 1471 5191 _m\r
(roles)_S 64 _t\r(of)_S 64 _t\r(agencies,)_S 64 _t\r(expansion)_S 64 _t\r(of)_S 64 _t\r(current)_S 64 _t\r(efforts,)_S 64 _t\r(and)_S 64 _t\r(cooperation)_S 64 _t\r(between)_S 64 _t\r(industry)_S 64 _t\r(and)_S 64 _t\r(gov-)_S 1471 4920 _m\r
(ernment.)_S 1020 4376 _m\r
(Russell,)_S 64 _t\r(Deborah,)_S 64 _t\r(and)_S 64 _t\r(Gangemi,)_S 64 _t\r(G.T.)_S 64 _t\r(Sr.,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Computer)_S 64 _t\r(Security)_S 64 _t\r(Basics)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(O'Reilly)_S 64 _t\r(&)_S 64 _t\r(Associates,)_S 64 _t\r(Inc.,)_S 1020 4173 _m\r
(July,)_S 64 _t\r(1991.)_S 1471 3902 _m\r
(Provides)_S 64 _t\r(an)_S 64 _t\r(introduction)_S 64 _t\r(to)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(concepts:)_S 64 _t\r(passwords,)_S 64 _t\r(access)_S 64 _t\r(controls,)_S 64 _t\r(network)_S 1471 3631 _m\r
(security,)_S 64 _t\r(biometrics,)_S 64 _t\r(TEMPEST,)_S 64 _t\r(and)_S 64 _t\r(more.)_S 128 _t\r(Describes)_S 64 _t\r(government)_S 64 _t\r(and)_S 64 _t\r(industry)_S 64 _t\r(standards)_S 1471 3360 _m\r
(for)_S 64 _t\r(security,)_S 64 _t\r(including)_S 64 _t\r(the)_S 64 _t\r("Orange)_S 64 _t\r(Book.")_S 128 _t\r(Contains)_S 64 _t\r(a)_S 64 _t\r(number)_S 64 _t\r(of)_S 64 _t\r(useful)_S 64 _t\r(references.)_S 4823 893 _m\r
(36)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
7489 12220 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
1380 11571 _m\r
([SCHULTZ90])_S 64 _t\r(Schultz,)_S 64 _t\r(E.)_S 64 _t\r(Eugene,)_S 64 _t\r(Brown,)_S 64 _t\r(David,)_S 64 _t\r(and)_S 64 _t\r(Longstaff,)_S 64 _t\r(Thomas,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Responding)_S 64 _t\r(to)_S 64 _t\r(Com-)_S 1380 11366 _m\r
(puter)_S 64 _t\r(Security)_S 64 _t\r(Incidents:)_S 64 _t\r(Guidelines)_S 64 _t\r(for)_S 64 _t\r(Incident)_S 64 _t\r(Handling)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(University)_S 64 _t\r(of)_S 64 _t\r(California)_S 64 _t\r(Technical)_S 1380 11163 _m\r
(Report)_S 64 _t\r(UCRL-104689,)_S 64 _t\r(1990.)_S 1831 10892 _m\r
(Contains)_S 64 _t\r(general)_S 64 _t\r(guidance)_S 64 _t\r(on)_S 64 _t\r(incident)_S 64 _t\r(handling)_S 64 _t\r(and)_S 64 _t\r(specific)_S 64 _t\r(procedures)_S 64 _t\r(for)_S 64 _t\r(viruses)_S 64 _t\r(and)_S 1831 10621 _m\r
(other)_S 64 _t\r(related)_S 64 _t\r(threats.)_S 128 _t\r(A)_S 64 _t\r(useful)_S 64 _t\r(document)_S 64 _t\r(for)_S 64 _t\r(organizing)_S 64 _t\r(incident)_S 64 _t\r(response)_S 64 _t\r(procedures.)_S 64 _t\r1831 10350 _m\r
(Available)_S 64 _t\r(from)_S 64 _t\r(NTIS,)_S 64 _t\r(5285)_S 64 _t\r(Port)_S 64 _t\r(Royal)_S 64 _t\r(Rd.,)_S 64 _t\r(Springfield,)_S 64 _t\r(VA)_S 64 _t\r(22161,)_S 64 _t\r(\(703\))_S 64 _t\r(487-4650.)_S 1380 9806 _m\r
(Spafford,)_S 64 _t\r(Eugene,)_S 64 _t\r("The)_S 64 _t\r(Internet)_S 64 _t\r(Worm)_S 64 _t\r(Program:)_S 64 _t\r(An)_S 64 _t\r(Analysis,")_S 64 _t\r/Times-ItalicR 580 _ff\r
(Computer)_S 64 _t\r(Communication)_S 64 _t\r(Re-)_S 1380 9601 _m\r
(view)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(Vol.)_S 64 _t\r(19,)_S 64 _t\r(No.)_S 64 _t\r(1,)_S 64 _t\r(ACM)_S 64 _t\r(SIGCOM,)_S 64 _t\r(January)_S 64 _t\r(1989.)_S 1831 9329 _m\r
(A)_S 64 _t\r(thorough)_S 64 _t\r(analysis)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(Internet)_S 64 _t\r(Worm,)_S 64 _t\r(including)_S 64 _t\r(information)_S 64 _t\r(on)_S 64 _t\r(the)_S 64 _t\r(vulnerabilities)_S 64 _t\r(it)_S 1831 9058 _m\r
(exploited,)_S 64 _t\r(how)_S 64 _t\r(it)_S 64 _t\r(spread,)_S 64 _t\r(and)_S 64 _t\r(analysis)_S 64 _t\r(of)_S 64 _t\r(its)_S 64 _t\r(software)_S 64 _t\r(routines.)_S 128 _t\r(A)_S 64 _t\r(good)_S 64 _t\r(source)_S 64 _t\r(of)_S 64 _t\r(informa-)_S 1831 8787 _m\r
(tion)_S 64 _t\r(about)_S 64 _t\r(how)_S 64 _t\r(network)_S 64 _t\r(worms)_S 64 _t\r(operate.)_S 128 _t\r(Available)_S 64 _t\r(on-line)_S 64 _t\r(from)_S 64 _t\r(NIST.)_S 1380 8243 _m\r
(Spafford,)_S 64 _t\r(E.,)_S 64 _t\r(Heaphy,)_S 64 _t\r(K.,)_S 64 _t\r(and)_S 64 _t\r(Ferbrache,)_S 64 _t\r(D.,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Computer)_S 64 _t\r(Viruses:)_S 64 _t\r(Dealing)_S 64 _t\r(with)_S 64 _t\r(Electronic)_S 64 _t\r(Vandal-)_S 1380 8038 _m\r
(ism)_S 64 _t\r(and)_S 64 _t\r(Programmed)_S 64 _t\r(Threats)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(ADAPSO,)_S 64 _t\r(1989.)_S 1831 7766 _m\r
(This)_S 64 _t\r(is)_S 64 _t\r(a)_S 64 _t\r(good)_S 64 _t\r(general)_S 64 _t\r(reference)_S 64 _t\r(on)_S 64 _t\r(computer)_S 64 _t\r(viruses)_S 64 _t\r(and)_S 64 _t\r(related)_S 64 _t\r(concerns.)_S 128 _t\r(In)_S 64 _t\r(addition)_S 64 _t\r(to)_S 1831 7495 _m\r
(describing)_S 64 _t\r(viruses)_S 64 _t\r(in)_S 64 _t\r(some)_S 64 _t\r(detail,)_S 64 _t\r(it)_S 64 _t\r(also)_S 64 _t\r(covers)_S 64 _t\r(more)_S 64 _t\r(general)_S 64 _t\r(security)_S 64 _t\r(issues,)_S 64 _t\r(legal)_S 64 _t\r(recourse)_S 1831 7224 _m\r
(in)_S 64 _t\r(case)_S 64 _t\r(of)_S 64 _t\r(security)_S 64 _t\r(problems,)_S 64 _t\r(and)_S 64 _t\r(includes)_S 64 _t\r(lists)_S 64 _t\r(of)_S 64 _t\r(laws,)_S 64 _t\r(journals)_S 64 _t\r(focused)_S 64 _t\r(on)_S 64 _t\r(computers)_S 1831 6953 _m\r
(security,)_S 64 _t\r(and)_S 64 _t\r(other)_S 64 _t\r(security-related)_S 64 _t\r(resources.)_S 128 _t\r(Available)_S 64 _t\r(from)_S 64 _t\r(ADAPSO,)_S 64 _t\r(1300)_S 64 _t\r(N.)_S 64 _t\r(17th)_S 64 _t\r(St,)_S 1831 6682 _m\r
(Suite)_S 64 _t\r(300,)_S 64 _t\r(Arlington,)_S 64 _t\r(VA)_S 64 _t\r(22209.)_S 128 _t\r(\(703\))_S 64 _t\r(522-5055.)_S 1380 6138 _m\r
([STEINBERG89])_S 64 _t\r(Steinberg,)_S 64 _t\r(Tad,)_S 64 _t\r("Developing)_S 64 _t\r(a)_S 64 _t\r(Computer)_S 64 _t\r(Security)_S 64 _t\r(Charter,")_S 64 _t\r/Times-ItalicR 580 _ff\r
(Security,)_S 64 _t\r(Audit,)_S 1380 5933 _m\r
(and)_S 64 _t\r(Control)_S 64 _t\r(Review)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(Vol.)_S 64 _t\r(6)_S 64 _t\r(No.)_S 64 _t\r(4,)_S 64 _t\r(ACM)_S 64 _t\r(SIGSAC,)_S 64 _t\r(Winter)_S 64 _t\r(1989.)_S 1831 5661 _m\r
(An)_S 64 _t\r(informative)_S 64 _t\r(article)_S 64 _t\r(on)_S 64 _t\r(developing)_S 64 _t\r(a)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(charter.)_S 128 _t\r(Contains)_S 64 _t\r(useful)_S 64 _t\r(exam-)_S 1831 5390 _m\r
(ples)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(charter's)_S 64 _t\r(contents.)_S 1380 4846 _m\r
([STEWART89])_S 64 _t\r(Stewart,)_S 64 _t\r(Geoffrey,)_S 64 _t\r(and)_S 64 _t\r(Sylvester,)_S 64 _t\r(David,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(Potential)_S 64 _t\r(Liabilities)_S 64 _t\r(of)_S 64 _t\r(Computer)_S 64 _t\r(Secu-)_S 1380 4641 _m\r
(rity)_S 64 _t\r(Response)_S 64 _t\r(Centers)_S 64 _t\r(Arising)_S 64 _t\r(from)_S 64 _t\r(Notification)_S 64 _t\r(to)_S 64 _t\r(Publishers)_S 64 _t\r(and)_S 64 _t\r(Users)_S 64 _t\r(of)_S 64 _t\r(Security)_S 64 _t\r(Deficiencies)_S 1380 4438 _m\r
(in)_S 64 _t\r(Software)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(December,)_S 64 _t\r(1989.)_S 1831 4166 _m\r
(A)_S 64 _t\r(highly)_S 64 _t\r(useful)_S 64 _t\r(paper)_S 64 _t\r(that)_S 64 _t\r(concentrates)_S 64 _t\r(on)_S 64 _t\r(legal)_S 64 _t\r(liabilities)_S 64 _t\r(that)_S 64 _t\r(a)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(response)_S 1831 3895 _m\r
(center)_S 64 _t\r(might)_S 64 _t\r(face.)_S 128 _t\r(It)_S 64 _t\r(contains)_S 64 _t\r(some)_S 64 _t\r(legal)_S 64 _t\r(advice,)_S 64 _t\r(although)_S 64 _t\r(it)_S 64 _t\r(does)_S 64 _t\r(not)_S 64 _t\r(purport)_S 64 _t\r(to)_S 64 _t\r(contain)_S 1831 3624 _m\r
(authoritative)_S 64 _t\r(answers)_S 64 _t\r(to)_S 64 _t\r(legal)_S 64 _t\r(questions.)_S 128 _t\r(Certain)_S 64 _t\r(incurred)_S 64 _t\r(liabilities)_S 64 _t\r(are)_S 64 _t\r(described)_S 64 _t\r(along)_S 1831 3353 _m\r
(with)_S 64 _t\r(methods)_S 64 _t\r(and)_S 64 _t\r(steps)_S 64 _t\r(to)_S 64 _t\r(take)_S 64 _t\r(for)_S 64 _t\r(reducing)_S 64 _t\r(legal)_S 64 _t\r(exposure.)_S 128 _t\r(This)_S 64 _t\r(paper)_S 64 _t\r(also)_S 64 _t\r(contains)_S 64 _t\r(ad-)_S 1831 3082 _m\r
(vice)_S 64 _t\r(for)_S 64 _t\r(dealing)_S 64 _t\r(with)_S 64 _t\r(vendors)_S 64 _t\r(as)_S 64 _t\r(regards)_S 64 _t\r(reporting)_S 64 _t\r(of)_S 64 _t\r(software)_S 64 _t\r(defects)_S 64 _t\r(and)_S 64 _t\r(vulnerabilities.)_S 64 _t\r1831 2811 _m\r
(Available)_S 64 _t\r(on-line)_S 64 _t\r(from)_S 64 _t\r(NIST.)_S 1380 2267 _m\r
(Stoll,)_S 64 _t\r(Cliff,)_S 64 _t\r/Times-ItalicR 580 _ff\r
(The)_S 64 _t\r(Cuckoo's)_S 64 _t\r(Egg)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(Doubleday,)_S 64 _t\r(New)_S 64 _t\r(York,)_S 64 _t\r(1989.)_S 1831 1995 _m\r
(This)_S 64 _t\r(book)_S 64 _t\r(describes)_S 64 _t\r(the)_S 64 _t\r(author's)_S 64 _t\r(discovery)_S 64 _t\r(and)_S 64 _t\r(subsequent)_S 64 _t\r(tracking)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(series)_S 64 _t\r(of)_S 64 _t\r(break-ins)_S 1831 1724 _m\r
(to)_S 64 _t\r(computer)_S 64 _t\r(sites)_S 64 _t\r(connected)_S 64 _t\r(to)_S 64 _t\r(military)_S 64 _t\r(and)_S 64 _t\r(research)_S 64 _t\r(networks.)_S 128 _t\r(The)_S 64 _t\r(book)_S 64 _t\r(is)_S 64 _t\r(entertaining)_S 5183 893 _m\r
(37)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
1020 12223 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /Times-RomanR 580 _ff\r
1471 11578 _m\r
(and)_S 64 _t\r(easy)_S 64 _t\r(to)_S 64 _t\r(read,)_S 64 _t\r(as)_S 64 _t\r(it)_S 64 _t\r(explains)_S 64 _t\r(many)_S 64 _t\r(technical)_S 64 _t\r(issues)_S 64 _t\r(in)_S 64 _t\r(laymen's)_S 64 _t\r(terms.)_S 128 _t\r(The)_S 64 _t\r(book)_S 64 _t\r(is)_S 64 _t\r(espe-)_S 1471 11307 _m\r
(cially)_S 64 _t\r(useful)_S 64 _t\r(to)_S 64 _t\r(managers)_S 64 _t\r(of)_S 64 _t\r(systems)_S 64 _t\r(connected)_S 64 _t\r(to)_S 64 _t\r(networks.)_S 1020 10763 _m\r
([WCSIR91])_S 64 _t\r/Times-ItalicR 580 _ff\r
(Proceedings)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(Third)_S 64 _t\r(Invitational)_S 64 _t\r(Workshop)_S 64 _t\r(on)_S 64 _t\r(Computer)_S 64 _t\r(Security)_S 64 _t\r(Incident)_S 64 _t\r(Re-)_S 1020 10558 _m\r
(sponse)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(August,)_S 64 _t\r(1991.)_S 1471 10286 _m\r
(The)_S 64 _t\r(proceedings)_S 64 _t\r(to)_S 64 _t\r(these)_S 64 _t\r(conferences)_S 64 _t\r(are)_S 64 _t\r(very)_S 64 _t\r(useful)_S 64 _t\r(for)_S 64 _t\r(those)_S 64 _t\r(interested)_S 64 _t\r(in)_S 64 _t\r(establishing)_S 1471 10015 _m\r
(incident)_S 64 _t\r(response)_S 64 _t\r(capabilities.)_S 128 _t\r(Information)_S 64 _t\r(on)_S 64 _t\r(these)_S 64 _t\r(proceedings)_S 64 _t\r(can)_S 64 _t\r(be)_S 64 _t\r(obtained)_S 64 _t\r(from)_S 64 _t\r1471 9744 _m\r
(CERT/CC,)_S 64 _t\r(SEI,)_S 64 _t\r(Carnegie)_S 64 _t\r(Mellon)_S 64 _t\r(U.,)_S 64 _t\r(Pittsburgh,)_S 64 _t\r(PA)_S 64 _t\r(15213-3890)_S /Helvetica-BoldR 580 _ff\r
1020 9194 _m\r
(Obtaining)_S 64 _t\r(Electronic)_S 64 _t\r(Information)_S 64 _t\r(from)_S 64 _t\r(NIST)_S 1471 8818 _m\r
/Times-RomanR 580 _ff\r
(Works)_S 64 _t\r(from)_S 64 _t\r(this)_S 64 _t\r(section)_S 64 _t\r(noted)_S 64 _t\r(as)_S 64 _t\r(being)_S 64 _t\r(available)_S 64 _t\r(on-line)_S 64 _t\r(from)_S 64 _t\r(NIST,)_S 64 _t\r(as)_S 64 _t\r(well)_S 64 _t\r(as)_S 64 _t\r(this)_S 64 _t\r(docu-)_S 1020 8547 _m\r
(ment)_S 64 _t\r(and)_S 64 _t\r(other)_S 64 _t\r(general)_S 64 _t\r(information,)_S 64 _t\r(can)_S 64 _t\r(be)_S 64 _t\r(obtained)_S 64 _t\r(via)_S 64 _t\r(the)_S 64 _t\r(NIST)_S 64 _t\r(Computer)_S 64 _t\r(Security)_S 64 _t\r(Resource)_S 1020 8276 _m\r
(Center)_S 64 _t\r(BBS)_S 64 _t\r(or)_S 64 _t\r(via)_S 64 _t\r(the)_S 64 _t\r(Internet)_S 64 _t\r(using)_S 64 _t\r(ftp:)_S 1471 7960 _m\r
(BBS:)_S 2220 7960 _m\r
(\(301\))_S 64 _t\r(948-5717)_S 64 _t\r(\(2400)_S 64 _t\r(or)_S 64 _t\r(less\),)_S 2220 7757 _m\r
(\(301\))_S 64 _t\r(948-5140)_S 64 _t\r(\(9600\))_S 1471 7439 _m\r
(ftp:)_S 2220 7439 _m\r
(ftp)_S 64 _t\r/Times-ItalicR 580 _ff\r
(csrc.ncsl.nist.gov)_S /Times-RomanR 580 _ff\r
64 _t\r(\(129.6.54.11\),)_S 64 _t\r2220 7234 _m\r
(login)_S 64 _t\r(as)_S 64 _t\r(user)_S 64 _t\r/Times-ItalicR 580 _ff\r
(anonymous)_S /Times-RomanR 580 _ff\r
(,)_S 64 _t\r(password)_S 64 _t\r/Times-ItalicR 580 _ff\r
(your)_S 64 _t\r(name)_S /Times-RomanR 580 _ff\r
(,)_S 2220 7029 _m\r
(works)_S 64 _t\r(are)_S 64 _t\r(located)_S 64 _t\r(in)_S 64 _t\r(directory)_S 64 _t\r/Times-ItalicR 580 _ff\r
(pub)_S /Times-RomanR 580 _ff\r
4823 893 _m\r
(38)_S _ep\r
_bp /Times-RomanR 580 _ff\r
0 13200 10200 _ornt \r
/_r { sflg {/_t {0 rmoveto}bdef /ron false def}\r
{ /_S /show load def /_t {0 rmoveto}bdef /ron false def}ifelse\r
}bdef\r
/HelveticaR 900 _ff\r
7489 12220 _m\r
/Times-RomanR 565 _ff\r
(E)_S /Times-RomanR 390 _ff\r
(STABLISHING)_S 43 _t\r(A)_S 43 _t\r/Times-RomanR 565 _ff\r
(CSIRC)_S /HelveticaR 900 _ff\r
1380 11483 _m\r
/Helvetica-BoldR 900 _ff\r
(Appendix)_S 100 _t\r(B.)_S 100 _t\r(Forum)_S 100 _t\r(of)_S 100 _t\r(Incident)_S 100 _t\r(Response)_S 100 _t\r(&)_S 100 _t\r(Security)_S 1380 11083 _m\r
(Teams)_S 100 _t\r(\(FIRST\))_S 100 _t\r1831 10373 _m\r
/Times-RomanR 580 _ff\r
(The)_S 64 _t\r(Forum)_S 64 _t\r(of)_S 64 _t\r(Incident)_S 64 _t\r(Response)_S 64 _t\r(and)_S 64 _t\r(Security)_S 64 _t\r(Teams)_S 64 _t\r(\(FIRST\))_S 64 _t\r(is)_S 64 _t\r(an)_S 64 _t\r(organization)_S 64 _t\r(whose)_S 1380 10102 _m\r
(members)_S 64 _t\r(work)_S 64 _t\r(together)_S 64 _t\r(voluntarily)_S 64 _t\r(to)_S 64 _t\r(deal)_S 64 _t\r(with)_S 64 _t\r(computer)_S 64 _t\r(security)_S 64 _t\r(problems)_S 64 _t\r(and)_S 64 _t\r(their)_S 64 _t\r(prevention.)_S 64 _t\r1380 9831 _m\r
(The)_S 64 _t\r(forum)_S 64 _t\r(is)_S 64 _t\r(composed)_S 64 _t\r(of)_S 64 _t\r(a)_S 64 _t\r(Secretariat,)_S 64 _t\r(Steering)_S 64 _t\r(Committee,)_S 64 _t\r(Representatives)_S 64 _t\r(from)_S 64 _t\r(each)_S 64 _t\r(partici-)_S 1380 9560 _m\r
(pating)_S 64 _t\r(team,)_S 64 _t\r(and)_S 64 _t\r(ad)_S 64 _t\r(hoc)_S 64 _t\r(working)_S 64 _t\r(groups.)_S 128 _t\r(The)_S 64 _t\r(forum)_S 64 _t\r(meets)_S 64 _t\r(regularly)_S 64 _t\r(and)_S 64 _t\r(conducts)_S 64 _t\r(periodic)_S 1380 9289 _m\r
(workshops)_S 64 _t\r(on)_S 64 _t\r(incident)_S 64 _t\r(handling.)_S 1831 8747 _m\r
(There)_S 64 _t\r(are)_S 64 _t\r(two)_S 64 _t\r(types)_S 64 _t\r(of)_S 64 _t\r(participation)_S 64 _t\r(in)_S 64 _t\r(the)_S 64 _t\r(forum.)_S 128 _t\r/Times-BoldR 580 _ff\r
(Forum)_S 64 _t\r(Members)_S /Times-RomanR 580 _ff\r
64 _t\r(represent)_S 64 _t\r(organiza-)_S 1380 8476 _m\r
(tions)_S 64 _t\r(who)_S 64 _t\r(assist)_S 64 _t\r(an)_S 64 _t\r(information)_S 64 _t\r(technology)_S 64 _t\r(community)_S 64 _t\r(or)_S 64 _t\r(other)_S 64 _t\r(defined)_S 64 _t\r(constituency)_S 64 _t\r(in)_S 64 _t\r(prevent-)_S 1380 8205 _m\r
(ing)_S 64 _t\r(and)_S 64 _t\r(handling)_S 64 _t\r(computer)_S 64 _t\r(security-related)_S 64 _t\r(incidents,)_S 64 _t\r(i.e.,)_S 64 _t\r(incident)_S 64 _t\r(response)_S 64 _t\r(teams.)_S 128 _t\r/Times-BoldR 580 _ff\r
(Liaisons)_S /Times-RomanR 580 _ff\r
64 _t\r(are)_S 1380 7934 _m\r
(individuals)_S 64 _t\r(or)_S 64 _t\r(representatives)_S 64 _t\r(of)_S 64 _t\r(organizations)_S 64 _t\r(other)_S 64 _t\r(than)_S 64 _t\r(emergency)_S 64 _t\r(response)_S 64 _t\r(teams)_S 64 _t\r(that)_S 64 _t\r(have)_S 64 _t\r(a)_S 1380 7663 _m\r
(legitimate)_S 64 _t\r(interest)_S 64 _t\r(in)_S 64 _t\r(and)_S 64 _t\r(value)_S 64 _t\r(to)_S 64 _t\r(the)_S 64 _t\r(forum.)_S 1831 7121 _m\r
(Information)_S 64 _t\r(on)_S 64 _t\r(a)_S 64 _t\r(prospective)_S 64 _t\r(participant)_S 64 _t\r(is)_S 64 _t\r(circulated)_S 64 _t\r(among)_S 64 _t\r(existing)_S 64 _t\r(Forum)_S 64 _t\r(Members)_S 64 _t\r(for)_S 1380 6850 _m\r
(possible)_S 64 _t\r(nomination)_S 64 _t\r(interest.)_S 128 _t\r(Information)_S 64 _t\r(provided)_S 64 _t\r(by)_S 64 _t\r(the)_S 64 _t\r(nominee)_S 64 _t\r(is)_S 64 _t\r(reviewed)_S 64 _t\r(by)_S 64 _t\r(the)_S 64 _t\r(Steering)_S 1380 6579 _m\r
(Committee,)_S 64 _t\r(which)_S 64 _t\r(votes)_S 64 _t\r(on)_S 64 _t\r(acceptance)_S 64 _t\r(of)_S 64 _t\r(the)_S 64 _t\r(nominee.)_S 128 _t\r(Written)_S 64 _t\r(notification)_S 64 _t\r(of)_S 64 _t\r(acceptance)_S 64 _t\r(is)_S 64 _t\r(sent)_S 1380 6308 _m\r
(by)_S 64 _t\r(the)_S 64 _t\r(Secretariat.)_S 64 _t\r1831 5766 _m\r
(Membership)_S 64 _t\r(information)_S 64 _t\r(and)_S 64 _t\r(operational)_S 64 _t\r(procedures)_S 64 _t\r(are)_S 64 _t\r(available)_S 64 _t\r(on-line)_S 64 _t\r(from)_S 64 _t\r(the)_S 64 _t\r(NIST)_S 1380 5495 _m\r
(Computer)_S 64 _t\r(Security)_S 64 _t\r(Resource)_S 64 _t\r(Center)_S 64 _t\r(BBS)_S 64 _t\r(or)_S 64 _t\r(via)_S 64 _t\r(the)_S 64 _t\r(Internet)_S 64 _t\r(using)_S 64 _t\r(ftp;)_S 64 _t\r(refer)_S 64 _t\r(to)_S 64 _t\r(Appendix)_S 64 _t\r(A)_S 64 _t\r(for)_S 1380 5224 _m\r
(details.)_S 128 _t\r(More)_S 64 _t\r(information)_S 64 _t\r(about)_S 64 _t\r(FIRST)_S 64 _t\r(can)_S 64 _t\r(be)_S 64 _t\r(obtained)_S 64 _t\r(by)_S 64 _t\r(contacting)_S 64 _t\r(any)_S 64 _t\r(participating)_S 64 _t\r(member)_S 1380 4953 _m\r
(or)_S 64 _t\r(the)_S 64 _t\r(National)_S 64 _t\r(Institute)_S 64 _t\r(of)_S 64 _t\r(Standards)_S 64 _t\r(and)_S 64 _t\r(Technology)_S 64 _t\r(at)_S 64 _t\r(the)_S 64 _t\r(following)_S 64 _t\r(address:)_S 1831 4637 _m\r
(National)_S 64 _t\r(Institute)_S 64 _t\r(of)_S 64 _t\r(Standards)_S 64 _t\r(and)_S 64 _t\r(Technology)_S 1831 4434 _m\r
(Computer)_S 64 _t\r(Security)_S 64 _t\r(and)_S 64 _t\r(Management)_S 64 _t\r(Group)_S 1831 4231 _m\r
(A-216,)_S 64 _t\r(Technology)_S 1831 4028 _m\r
(Gaithersburg,)_S 64 _t\r(MD)_S 128 _t\r(20899)_S 1831 3825 _m\r
(Telephone:)_S 64 _t\r(\(301\))_S 64 _t\r(975-3359)_S 1831 3622 _m\r
(Facsimile:)_S 64 _t\r(\(301\))_S 64 _t\r(590-0932)_S 1831 3417 _m\r
(Internet)_S 64 _t\r(e-mail:)_S 64 _t\r/Times-ItalicR 580 _ff\r
(csrc@csrc.ncsl.nist.gov)_S /Times-RomanR 580 _ff\r
5183 893 _m\r
(39)_S _ep\r
_ed end end\r
▶04◀