Persistent instabilities in the high-priority incident workload of CSIRTs
Abstract
Since their inception, Computer Security Incident Response Teams (CSIRTs) have been afflicted by chronic problems concerning workload, quality of service, and sustaining their constituency. We have cooperated with one of the oldest CSIRTs to model the most challenging issues. Low-priority and high-priority incident response cause distinct problems. In a previous paper we dealt with the impact of the exponential growth of low-priority incidents on the CSIRT workload. In this paper we deal with high-priority incident response and its impact on the CSIRT workload and quality of service (QoS). One observes long-term instabilities in workload and QoS and, ominously, oscillatory decreasing recognition of the CSIRT by its constituency. An improved communication of the service level provided by the CSIRT is the most effective policy to mitigate long-term instability in the workload and quality of service.
Similar resources
Computer Security Incident Response Team Effectiveness: A Needs Assessment
Computer security incident response teams (CSIRTs) respond to a computer security incident when the need arises. Failure of these teams can have far-reaching effects for the economy and national security. CSIRTs often have to work on an ad hoc basis, in close cooperation with other teams, and in time constrained environments. It could be argued that under these working conditions CSIRTs would b...
Effectiveness of Proactive CSIRT Services
Many authors have suggested that Computer Security Incident Response Teams (CSIRTs) need to deliver more proactive services to stay effective, but there are hardly any studies investigating to what extent existing proactive services are indeed effective or how to make them more effective. We view the proactive services as cross-organisational learning processes, where CSIRTs facilitate learning...
The Impact of Honeynets for CSIRTs
For the daily work of a CSIRT it is of major importance to know which vulnerabilities are currently abused to compromise computers and to timely warn the constituency if a zero-day exploit is found. Besides the traditional incident response work, honeypots have shown to become more important to follow these aims. In this paper we give an overview on the NoAH project and related projects devoted...
P37: Assessment of Job Stress and Workload among Rehabilitation Services Staff: A Comparative Study among Physical and Occupational Therapists, Orthotists and Prosthetists
Extensive job stress and workload are main causes of frustration and reduced efficiency among workers and despite negative effects of these factors on employees' performance, related studies in rehabilitation staff are limited. The aim of this study was to evaluate job stress, workload and their related factors in rehabilitation staff. In this cross-sectional study, 150 employees in three rehab...
The Incident Object Description Exchange Format
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Abstract The Incident Object Description Exchange Format (IOD...