The Forum of Incident Response and Security Teams (FIRST) have announced the release of new training resources to help companies build and mature Product Security Incident Response Teams (PSIRTs). Developed by FIRST’s own PSIRT committee the materials are aimed at inhouse teams responsible for identifying and responding to product vulnerabilities. The purpose of the training is to demonstrate the differences and requirements management and stakeholders should be aware of to fully realize the potential of a PSIRT to their organization. This training supplements the PSIRT Framework, which was developed over the course of the last few months by security practitioners across FIRST’s global members.
“Through the PSIRT Framework and training material, some of the industry’s leading security experts are sharing all their expertise for managing security crises,” stated Thomas Schreck, Chair of FIRST. “The accompanying video training will introduce all interested parties to the core services areas within the PSIRT Service Framework.”
The training materials help companies build and implement strategies to mitigate and respond to vulnerabilities in the products and hardware that propel much of the information infrastructure. “Recent events have shown the importance of having the ability to quickly respond to product vulnerabilities,” stated Serge Droz, Board member and Education Liaison. “This new framework is designed to assist both those looking to start a PSIRT program as well as those looking to mature their existing capabilities.”
If an organization engineers and develops products or services for customers that are internet connected, the PSIRT Committee suggests using the Framework as a means to support incident responders. The Framework can also be used to convey to others, in a common language, the importance of working on product security issues. Version 1.0 of the PSIRT Framework, released at the same time, is available on the FIRST website https://www.first.org/education/Draft_FIRST_PSIRT_Service_Framework_v1.0.pdf. The final version will be publicly released in the fall. The training materials are available to the public for educational use on https://learning.first.org. FIRST will also provide training to PSIRT teams as part of its current Education and Training Program.
About the PSIRT Training Course
This video-based course introduces practitioners to the core Service Areas of the PSIRT Services Framework.
The course covers the key concepts of developing and maintaining a mature PSIRT.
- What a PSIRT is and the various organizational structures to them
- The foundations of a solid PSIRT
- How to define and manage stakeholders
- Vulnerability discovery, reporting, and intake
- Vulnerability qualification and reproduction
- Patch management, remediation, and incident handling
- Stakeholder notification, coordination, and disclosure
- Training within your organization to ensure efficient product security processes
FIRST thanks and recognizes the following organizations for participating in the production of the training videos DELL, EMC, Hikvision, Honeywell International, Lenovo, Microsoft, NVIDIA, Oracle, CERT/CC, and Red Hat.
Founded in 1990, the Forum of Incident Response and Security Teams (FIRST) consists of internet emergency response teams from more than 360 corporations, government bodies, universities and other institutions across 78 countries in the Americas, Asia, Europe, Africa, and Oceania. It promotes cooperation among computer security incident response teams. For more information, visit: https://www.first.org.