Necessity of CSIRT

With the threat of cyber attacks and insider threats becoming more complex and serious these days, the environment surrounding companies is changing, and it is becoming increasingly difficult to completely prevent the occurrence of information security incidents ("incidents").
Under such situation, it is essential for organizations to have a system in place on a regular basis to minimize damage and quickly recover from incidents as they occur. The necessity for cyber security is also mentioned by the government in its "Cyber Security Strategy" (Cabinet Cyber Security Center), "Cyber Security Management Guidelines" (Ministry of Economy, Trade and Industry), and "Action Policy for Strengthening Cyber Security in the Financial Sector" (Financial Services Agency).

CSIRT

CSIRT (Computer Security Incident Response Team) refers to a team within the organization that specializes in incident response and is established to minimize damage and quickly recover from the incident.
When incident occurs, CSIRT receives incident report, provides technical support, and conducts activities in cooperation and coordination with the relevant departments of the organization. During normal times, CSIRT collects security-related information, conducts educational activities and send reminders within the organization, conducts incident response training, and shares information with external organizations in the CSIRT community.

About INTELLILINK CSIRT Establishment/Re-establishment/Strengthening Service

The best solution given by CSIRT varies depending on the purpose of establishment of each customer, the nature of the business, and the nature of the system including the organization and group companies.
In the INTELLILINK CSIRT establishment/restructuring/strengthening service, we define CSIRT suitable for the customer, design operations, and provide support for the development of manuals and other documents necessary for each operation. If necessary, we provide continued support until the operation is on track. We also provide support for restructuring CSIRT that has already been established but has lost its substance due to unsatisfactory activities and creating accompanying manuals.

Benefits of using INTELLILINK CSIRT Establishment/Restructuring/Strengthening Service

We have experience of establishing/restructuring CSIRT for customers in diverse industries such as telecommunications, finance, manufacturing, and retail. INTELLILINK CSIRT Establishment/Restructuring/Strengthening Service is provided mainly by members who are active in our own CSIRT and have extensive knowledge of operating a CSIRT, such as incident response experience. Our strength lies in our ability to provide highly effective CSIRT establishment and restructuring in accordance with the situation of each customer, based on our past experience and knowledge.
We also offer a range of services to support operations after the CSIRT is established, such as our emergency support service "Security Incident Emergency Service", to support CSIRT activities of customers in the future.

Flow for establishing CSIRT

For specific implementation details and duration, please contact us using the inquiry form.

About "CSIRT Strengthening Support Service"

Although CSIRT has been established and activities have started, we often hear concerns such as, "Is the system and response procedure appropriate?" or "Actual activities are different from the initially defined activities," or requests for "strengthening and adding functions after objectively understanding the current status of the CSIRT".
The "CSIRT Strengthening Service" is a service to solve such problems and demands of customers after the establishment of CSIRT. First, we objectively grasp and evaluate the current status of the CSIRT of customer by interviewing the customer based on our knowledge and by using criteria such as SIM3^* to evaluate the maturity of the CSIRT, and identify issues. In addition, after presenting a reinforcement policy tailored to the customer resources, we support the reinforcement of the CSIRT by designing operations, and revising or creating manuals used in CSIRT operations.

*SIM3 stands for Security Incident Management Maturity Model and is pronounced "SIM-three".
It is a standard to evaluate the maturity of CSIRT proposed by OCF (Open CSIRT Foundation) and is widely used in Europe.

Difference between CSIRT restructuring and CSIRT strengthening

　While the CSIRT restructuring service reviews and redesigns overall CSIRT activities, the CSIRT strengthening service focuses on visible issues or issues discovered by understanding the current situation, and supports the improvement of the CSIRT level by strengthening or adding functions.

Benefits of using CSIRT Strengthening Support Service

We have past experience of helping customers in diverse industries such as telecommunications, finance, manufacturing, and retail strengthen their CSIRTs. We mainly provide members who are active in our own CSIRT and have extensive knowledge of operating a CSIRT, including incident response experience. Our strength lies in our ability to provide highly effective CSIRT strengthening policy in accordance with the situation of each customer, based on our past experience and knowledge.

Flow of CSIRT strengthening support

For specific implementation details and duration, please contact us using the inquiry form.