The Unified Security Incident Response Plan (USIRP) is one of the primary means by which ICASI fulfills its mission of enhancing the global security landscape. Comprising a trusted forum and supporting processes, procedures, and tools, the USIRP enables Security Incident Response Teams (SIRTs) from ICASI member companies to collaborate quickly and effectively to resolve complex, multi-vendor Internet security issues. These issues include: vulnerabilities in commonly used software; incidents, urgent or emergent, that affect three or more ICASI member organizations; and ongoing or long-term problems that warrant a strategic response.
The USIRP harmonizes ICASI member companies' internal security incident response procedures and personnel by providing a common, formal framework with which these organizations can: trigger a USIRP event; share critical information about it; and work together effectively on a coordinated response.
The components of the USIRP include:
- An Incident Handling Collaboration Manual that details the procedures for reporting and prioritizing USIRP security incidents, triggering investigations, engaging technical resources, developing plans, and resolving problems.
- A set of assigned roles and responsibilities for members of the ICASI Unified Security Incident Response Team (USIRT).
- A secure online collaboration portal.
- An Incident Handling System that includes a parent "work group"; the most current, approved versions of the Incident Handling Collaboration Manual; supporting templates; the USIRP Incident Tracking Log and other documentation; and multiple "subgroups" that are used as the team collaboration environment for each incident.
USIRP incidents are triggered when a designated USIRP incident initiator from an ICASI member company has investigated a security incident using that company's regular internal procedures and determined that the problem may involve three or more member companies. Because ICASI member companies developed a unique, multilateral non-disclosure agreement (NDA) expressly for the USIRP, they are able to collaborate and share critical information openly with one another while protecting each company's intellectual property.
The USIRP is a living plan that is continuously updated, revised, and refined as it is practiced.
For more information, contact secure@ICASI.org.
In the ever-complex world of IT security, coordination around threats and incidents is becoming more and more challenging. The ICASI Coordination WG is working to establish and promote best practices around coordination activities, inclusive of industry participants and established coordination bodies.