Fact-finding Report on the Establishment and Operation of CSIRTs in Japan
Cyber attacks in recent years have become increasingly diverse in terms of their aims, targets, and TTPs (Tactics, Techniques, and Procedures) used. Occasionally, the impact can be large enough to shake the foundation of a business. One approach that is drawing attention is to establish a Computer Security Incident Response Team (CSIRT) that will serve as the linchpin of an organization to effectively handle security incidents.
CSIRTs can be established and operated in various forms, depending on the target scope of the service, the culture of the organization, and the technical backgrounds of the team members. In Japan, there is a CSIRT association, the NCA (Nippon CSIRT Association)*1, which aims to foster cooperation and trustworthy relationships among CSIRTs to facilitate prompt, appropriate response. The Cybersecurity Management Guidelines*2, released by the Ministry of Economy, Trade and Industry in December 2015, referred to the need to establish CSIRTs, and this has been boosting the number of CSIRTs in Japan: the number of CSIRTs that have joined the NCA has reached 232 (as of May 12, 2017). Against this background, many CSIRTs that have newly joined the association are seeking good practices by exchanging information on CSIRT structures and activities with other CSIRTs. In response, JPCERT/CC, which serves as the secretariat of the NCA, conducted a survey looking at the activities of internal CSIRTs at many different organizations in Japan.
The survey was conducted in December 2015 by means of a questionnaire and interviews targeting 66 NCA members. The questionnaire included items such as the organizational structure, composition of members, policies, and other matters that should be defined when establishing a CSIRT. The interviews were conducted with CSIRTs that are notable for their distinctive activities in each industry, and examined the status of efforts at each organization and the issues they face. The outcome was gathered into a report and released in Japanese as "Fact-finding Report on the Establishment and Operation of CSIRTs 2015" on June 29, 2016.
Following this release, we are today releasing the English version of the report to share the results with information security community members around the globe. Although the social composition, culture, organizational constitution and so on may differ in each economy, we hope that this document will serve as a useful reference for establishing a CSIRT at their organization or for comparing their situation with that of organizations overseas.
For the executive summary, please refer to this page: JPCERT/CC English Blog "Fact-finding Report on the Establishment and Operation of CSIRTs in Japan"
*1 NCA (Nippon CSIRT Association)
*2 Cybersecurity Management Guidelines
2017-05-12: Fact-finding Report on the Establishment and Operation of CSIRTs in Japan 2015