The Unified Security Incident Response Plan (USIRP) is one of the primary means by which ICASI fulfills its mission of enhancing the global security landscape. Comprising a trusted forum and supporting processes, procedures, and tools, the USIRP enables Security Incident Response Teams (SIRTs) from ICASI member companies to collaborate quickly and effectively to resolve complex, multi-vendor Internet security issues. These issues include: vulnerabilities in commonly-used software; incidents - urgent or emergent - that affect three or more ICASI member organizations; and ongoing or long-term problems that warrant a strategic response.
The USIRP harmonizes ICASI member companies' internal security incident response procedures and personnel. It provides a common, formal framework with which these organizations can: trigger a USIRP event; share critical information about it; and work together effectively on a coordinated response.
The components of the USIRP include:
- An Incident Handling Collaboration Manual that details the procedures for reporting and prioritizing USIRP security incidents, triggering investigations, engaging technical resources, developing plans, and resolving problems.
- A set of assigned roles and responsibilities for members of the ICASI Unified Security Incident Response Team (USIRT).
- A secure online collaboration portal.
- An Incident Handling System that includes a parent "work group;" the most current, approved versions of the Incident Handling Collaboration Manual; supporting templates; the USIRP Incident Tracking Log and other documentation; and multiple "subgroups" which are used as the team collaboration environment for each incident.
USIRP incidents are triggered when a designated USIRP incident initiator from an ICASI member company has investigated a security incident using that company's regular internal procedures and determined that the problem may involve three or more member companies. Because ICASI member companies developed a unique, multilateral non-disclosure agreement (NDA) expressly for the USIRP, they are able to collaborate and share critical information openly with one another while protecting each company's intellectual property.
The USIRP is a living plan that is continuously updated, revised, and refined as it is practiced.
For more information, contact secure@ICASI.org.
In the ever-complex world of IT security, coordination around vulnerabilities and incidents is becoming more and more challenging. ICASI is a co-sponsor of and an active participant in a Vulnerability Coordination SIG within FIRST, which is bringing together a multi-stakeholder, cross-industry group with the aim of improving the way in which vulnerabilities are coordinated and related information is shared with stakeholders across like communities.