Current

From time-to-time, TF-CSIRT supports a range of Working Groups for the Community.  Information about current and past groups will be maintained here.

1. Reference Security Incident Taxonomy Working Group

Following a discussion amongst the CSIRT community during the 51st TF-CSIRT meeting (15 May 2017 in The Hague, Netherlands), it was concluded that there is an urgent need for a taxonomy list and name that serves as a fixed reference for everyone. This is why ENISA and TF-CSIRT created the Reference Security Incident Taxonomy Working Group. The aim of this working group is to enable the CSIRT community in reaching a consensus on a reference taxonomy.

To join the working group, the requester should send an email to ENISA secretariat  CSIRT-Relations@enisa.europa.eu or sign up for a physical meeting during a TF-CSIRT event. In case of physical meeting, please notify in presence to the ENISA secretariat or via email the request for addition to the mailing list.

For more info visit the GitHub repository

Check the TF-CSIRT meeting page to register for the next upcoming meeting.

2. TF-CSIRT Futures Working Group

The aim of the working group is to discuss the potential options for a future home for TF-CSIRT and to make recommendations to the TF-CSIRT Steering Committee as to what options should be explored further and what questions should be answered for the community. The group will not consider how these requirements will be delivered.

This group is formed to collect community input. The role of the group is advisory and not decision making.

Work of the group will be in several iterations defining questions, assessing output from external consultants, narrowing down options, defining next set of questions, etc.

This working group is closed to current members only.

3. CERTS PR Working Group

CERTs’ PR Group – cooperation between PR, marketing specialists and communicators within CERT and CSIRT community! The aim of the group is to initiate and develop collaboration between CERT/CSIRT PR teams – to share experience, “know-how” best practice and information on reports, questionnaires, marketing tools, methods, upcoming events and anything that might be helpful to other colleagues. The scope of the CERTs’ PR Group encompasses all activities related to promotion of the industry, raising awareness and increasing understanding of cybersecurity. Participants are welcome to share experience, ideas and best practices on challenges faced when ensuring PR activities, among those:

  • Awareness rising and marketing campaigns
  • Education and outreach (both to the general public and public bodies)
  • Research and statistics/ data analysis
  • Events
  • Best practices and lessons learned / “tips and tricks”
  • Analysis of communications/marketing tools (including social media), trends and strategies within organisation and outside
  • Financial aspects (how much does it cost? How can we reach maximum with less resources?)
  • Crisis communication

We are a new working group and are still working on a more detailed plan and framework for cooperation. Thus far, we have:

  • Created an e-mail list pr.partners@cert.lv to share anything important
  • Decided to have one face-to-face meeting per year during one of the TF-CSIRT Meetings
  • Decided to organise online meetings – if there is anything anyone would like to share

If you are interested or know PR, marketing and communication specialists from other CERTs and CSIRTs, who might be interested, you are welcome to join and encouraged to spread the word about the group.
Contact us: pr@cert.lv

Past

TF-CSIRT has previously supported working groups on:

  • RTIR – Request Tracker for Incident Response Working Group.
  • IRT – IRT Object Working Group.
  • IODEF – Incident Object Description and Exchange Format Working Group.
  • VEDEF – Vulnerability and Exploit Description and Exchange Format Working Group.
  • OAS-CICTE (Collaboration Group).