Cyber Incident Detection & Response (CIDR)
The CIDR (Cyber Incident Detection and Response) Focus Group aims to create a community of peers working in Cyber Security Incident Response Teams (CSIRT) or Security Operations Centres (SOC) to facilitate the exchange of knowledge and experience.
Objectives
Topics
Recurrent items on the agenda are:
- Actual incident response cases,
- Malware analysis,
- Forensics,
- Threat intelligence sharing,
- Enhancing detection capability,
- Tool analysis.
Practices
This Focus Group is characterized by its members’ interactions and therefore aims to physically convene on a quarterly basis.
In the case of a major incident or the identification of a critical vulnerability, an ad hoc call may take place to discuss the topic. Any member may request such a call via a formalised process. This helps ensure members can fully leverage the group’s shared knowledge and experience when facing a significant issue. In parallel, a CIDR Focus Group Signal group exists to assist members in sharing information outside of scheduled meetings.
Close collaboration among members is only possible within a trusted platform. Therefore, every conference call or onsite meeting is preceded by the declaration of the Traffic Light Protocol (TLP) level (amber by default) to remind participants of the sensitive nature of our discussions.
How to join the group
Admission to the Focus Group is subject to Coalition membership and an intake interview with the permanent chair.
Admission is restricted to persons active in the CSIRT/SOC domains.
Outcomes
- Released in September 2016
- Updated in September 2021
- Available in: EN, FR, NL