visual_plus

Why join the TI?

Security and Incident Response teams manage the handling of information security incidents within their organisation or network – their tasks broadly range from prevention and awareness raising, via incident detection to the actual tracking and resolving of incidents and drawing lessons from that.

TI supports you with critical information about other teams and their responsibilities, as well as infrastructure services supporting information exchange and communication.

Why become a Listed Team?

As the role and importance of cyber security is rising, internal and external requirements for teams and companies are getting more difficult to fulfil. It is therefore vital to implement leading security measures. For internal security, there are numerous certifications (e.g. ISO 27001) in place.

However, there is no official process to become established and visible to other security teams within the international security community. Years of community building and experience has demonstrated that the unrivalled route into the European and global community of CSIRT teams is to become a member of TF-CSIRT and listed by the Trusted Introducer.

Let's shed some light on this. Becoming listed means:

  1. To express your interest in cyber security on the European and international stage.
  2. To prove to your stakeholders a commitment to follow contemporary security challenges and adhere to community-agreed best practices and standards.
  3. To be involved in different security projects, where their success is largely based on the contributions of CSIRTs from different sectors and constituencies.
  4. To learn from the successes and failures of other teams from personal face-to-face meetings and subject-matter presentations or briefings.
  5. To meet other security teams three times a year in different European locations by being invited by volunteering teams or national communities willing to support the TF-CSIRT objectives.
  6. To become a member of very open, friendly and not-competitive environment that cultivates a sensitive discussion and consensus building which is outside of the usual pressures of the daily business.
  7. After getting familiar with the community and adopted practices, you can take the appropriate steps towards accreditation and certification.

Read more about the requirements of becoming a Trusted Introducer listed team.

Why Become an Accredited Team?

Your team has taken its first step in becoming part of the TF-CSIRT Community. This means you have had support by existing teams within the community and your basic team details are now registered in the Trusted Introducer database. This step is important, but does not document whether your team has established a stable environment and it provides only a limited visibility. Building on the successful experience of more than 200 teams you should therefore take the next step and communicate your operational readiness and join their closer community.

Accreditation allows you to do this and build stronger relationships as well as to establish new communication channels with fellow teams. Here are more benefits:

  1. To prove and clearly demonstrate your continuous interest in cyber security on the European and international stage and to prove to your constituency and stakeholders your strong commitment to engage in responding to contemporary challenges on national, European and international scale.
  2. To participate in the development of community-build best practices and standards, and participate as a voting member in all major decisions and to signal your voluntary obligation to follow community standards as baseline of operational excellence.
  3. To gain access to the members-only space for Trusted Introducer and get access to readily downloadable extended contact databases, GPG/PGP keyrings, access to secure discussion fora and more and to rely on the regular freshness of up-to-date and verified contact information based on an elaborate scheme of maintenance process based on reminders and sanctions.
  4. To learn more the operational frameworks of other teams and to share core information of your own team’s operational framework with the closed community in an easy-to-use self-service and to support the very open, friendly and cooperative community and to help ensuring its continuity as a place to cultivate consensus building and sensitive discussions.
  5. To join the closed sessions at TF-CSIRT meetings, where TLP:Amber and TLP:Red presentations are delivered to which merely listed teams have no access and to test your own abilities by participating in regular response tests to ensure that your team and systems are working effectively and as desired.
  6. To become a member of very open, friendly and not-competitive environment that cultivates a sensitive discussion and consensus building which is outside of the usual pressures of the daily business.
  7. To help strengthening the community by introducing new teams into it and to protect the trust into it by voting about new listing requests and to enable via your membership fees the further development of the Trusted Introducer directory and related best practices and standards.

Read more about the requirements of becoming a Trusted Introducer accredited team.