| The Unified Security Incident Response Plan (USIRP)
| Coordination Working Group

The Unified Security Incident Response Plan

The Unified Security Incident Response Plan (USIRP) is one of the primary means by which ICASI fulfills its mission of enhancing the global security landscape. Comprising a trusted forum and supporting processes, procedures, and tools, the USIRP enables Security Incident Response Teams (SIRTs) from ICASI member companies to collaborate quickly and effectively to resolve complex, multi-vendor Internet security issues. These issues include: vulnerabilities in commonly-used software; incidents - urgent or emergent - that affect three or more ICASI member organizations; and ongoing or long-term problems that warrant a strategic response.

The USIRP works by harmonizing ICASI member companies' internal security incident response procedures and personnel by providing a common, formal framework with which these organizations can: trigger a USIRP event; share critical information about it; and work together effectively on a coordinated response.

The components of the USIRP include:

  • An Incident Handling Collaboration Manual that details the procedures for reporting and prioritizing USIRP security incidents, triggering investigations, engaging technical resources, developing plans, and resolving problems.
  • A set of assigned roles and responsibilities for members of the ICASI Unified Security Incident Response Team (USIRT).
  • A secure online collaboration portal.
  • An Incident Handling System that includes a parent "work group;" the most current, approved versions of the Incident Handling Collaboration Manual; supporting templates; the USIRP Incident Tracking Log and other documentation; and multiple "subgroups" which are used as the team collaboration environment for each incident.

USIRP incidents are triggered when a designated USIRP incident initiator from an ICASI member company has investigated a security incident using that company's regular internal procedures and determined that the problem may involve three or more member companies. Because ICASI member companies developed a unique, multilateral non-disclosure agreement (NDA) expressly for the USIRP, they are able to collaborate and share critical information openly with one another while protecting each company's intellectual property.

The USIRP is a living plan that is continuously updated, revised, and refined as it is practiced.

For more information, contact

Coordination Working Group

In the ever-complex world of IT security, coordination around vulnerabilities and incidents is becoming more and more challenging. ICASI is co-sponsor of and an active participant in a Vulnerability Coordination SIG within FIRST will is bringing together a multi-stakeholder, cross-industry group with the aim of improving the way in which vulnerabilities are coordinated and related information is shared with stakeholders across like communities.