This GitHub repository hosts files relating to the TF-CSIRT Reference Security Incident Taxonomy Working Group.
During the ‘51st TF-CSIRT meeting’ (held on 15 May 2017 in The Hague, Netherlands) the CSIRT community concluded that there was an urgent need for an incident taxonomy (i.e., classification scheme) that serves as a fixed reference for all CSIRTs.
ENISA and TF-CSIRT therefore created the ‘Reference Security Incident Taxonomy Working Group' (RSIT WG) with the aim of enabling the CSIRT community to reach a consensus on a security incident reference taxonomy. The RSIT WG was approved as official TF-CSIRT working group by the TF-CSIRT Steering Committee on 26 September 2018.
During the 2nd meeting at 53rd TF-CSIRT in Hamburg it was decided to use the eCSIRT.net incident taxonomy as the starting point for the RSIT, and use this as it is for version 1 of the RSIT.
For more information visit the ENISA working document.
Please follow the below guidelines when contributing to the RSIT GitHub project:
To join the working group, please send an email to the ENISA Secretariat (CSIRT-Relations@enisa.europa.eu) or sign up for a physical meeting during a TF-CSIRT event. In case of physical meeting, please notify in presence to the ENISA secretariat or via email the request for addition to the mailing list.
Check the TF-CSIRT meeting page to register for the next upcoming meeting.
This GitHub project is licenced under CC0 1.0 Universal (CC0 1.0). For more information see the licence.
This work is built on the previous work by Jimmy Arvidsson, Don Stikvoort and eCSIRT.net who are fully acknowledged hereby. It was previously called eCSIRT taxonomy.