Full name: Cisco Computer Security Incident Response Team
Short name: Cisco CSIRT
Cisco CSIRT
Cisco Systems, Inc.
7025 Kit Creek Road
Research Triangle Park, NC 27709
United States
2.3. Time Zone
Cisco CSIRT is globally dispersed, providing 24-hour incident response. Main offices are in U.S./Eastern (UTC/GMT -5 hours, Eastern Standard Time, EST) and U.S./Pacific (UTC/GMT -8 hours, Pacific Standard Time, PST).
Cisco CSIRT forms part of the investigative branch of the Cisco Security and Trust Organization, and provides proactive threat analysis, incident detection, and coordinated incident response.
The primary mission of Cisco CSIRT is to review security architecture, establish incident management procedures for collecting incident data, enable efficient recovery from security incidents, prevent or minimize disruption of critical computing services, and facilitate cooperation and information exchange among cross-functional groups that are responsible for security incident remediation.
Cisco CSIRT helps protect Cisco employees, business partners, and Cisco-owned businesses.
3.3. Sponsorship and/or Affiliation
Cisco CSIRT is a global team of analysts, investigators, and engineers that serve the IT, business, and engineering organizations within Cisco, and more specifically, the Chief Security Officer (CSO) and the company senior management team, to help protect Cisco information assets.
Cisco CSIRT coordinates, investigates, and remediates security incidents at the direction of the Cisco CSO, and within the framework defined by Cisco HR and Cisco Legal.
4.1. Types of Incidents and Level of Support
All incidents are considered normal priority unless they are labeled EMERGENCY.
4.2. Co-operation, Interaction, and Disclosure of Information
All incoming information is handled confidentially by Cisco CSIRT, regardless of its priority.
When reporting a sensitive incident, please state so explicitly (for example, by using the label SENSITIVE in the subject field of email) and, if possible, use encryption as well.
Cisco CSIRT supports the Information Sharing Traffic Light Protocol (ISTLP; see https://www.first.org/tlp/docs/tlp-v1.pdf). Information that arrives with the tags WHITE, GREEN, AMBER, or RED will be handled appropriately.
4.3. Communication and Authentication
See section 2.8. In cases that involve sensitive information, use of PGP/GnuPG is highly recommended.
5.1. Incident Response (Triage, Coordination, and Resolution)
Cisco CSIRT can assist system administrators in handling the technical and organizational aspects of computer security incidents.
5.2. Proactive Activities
Cisco CSIRT collaborates with FIRST, the National Safety Information Exchange (NSIE), the Defense Security Information Exchange (DSIE), and the DNS Operations Analysis and Research Center (DNS-OARC).
6. Incident Reporting Forms
Not available; please report using encrypted email.
This document is part of the Cisco Security portal. Cisco provides the official information contained on the Cisco Security portal in English only.
This document is provided on an “as is” basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information in the document or materials linked from the document is at your own risk. Cisco reserves the right to change or update this document without notice at any time.