Good Practice Guide Reporting Security Incidents
Resilient e-Communications Networks
85
10
Appendix C: Resources
General Documents
COM(2009) 149 "Protecting Europe from large scale cyber-attacks and disruptions: enhancing
preparedness, security and resilience," Communication from the Commission to the European
parliament, the Council, the European Economic and Social committee and the Committee of the
Regions,
COM(2006) 251 "A strategy for a Secure information Society "Dialogue, partnership and
empowerment"", Communication from the Commission to the European parliament, the Council, the
European Economic and Social committee and the Committee of the Regions,
ENISA NSIE Guide. "Good Practice Guide: Network Information Security Information Exchanges."
CERT Guidelines
ENISA. "CSIRT Setting up Guide". ENISA has formulated a guide for setting up CSIRTs for single
organizations, whole sectors, or on the national level.
GOVCERT.NL "CERT-in-a-box," "Alerting-service-in-a-box". Summary of the lessons learned during
setting up GOVCERT.NL and the Dutch national Alerting service.
NIST Incident Handling Guide. Tim Grance, Karen Kent, Brian Kim: "Computer Security Incident
Handling Guide: Recommendations of the National Institute of Standards and Technology," (January
2004). The Guide provides guidance on cybersecurity incident handling, incident reporting inclusive.
CERT.FI "National and Governmental CSIRTs in Europe" In October 2009 CERT.FI conducted an
overview of eleven CSIRTS and GovCERTs in Europe, including some ideas on their typical functions
and evolution strategies.
CERT/CC "Steps for Creating National CSIRTs". CERT/CC suggests steps to organize a national
CERT/CSIRT.
Regulatory Decrees
FICORA "Regulation On Obligation to Report Information Security Incidents and Faults and
Disturbances in Public Telecommunications" (Under Revision).
OFTA. "Guidelines for Cable-Based External Fixed Telecommunications Network Services Operators
and Internet Service Providers for Reporting Network and Service Outages"