Computer Security Incident Response Team Effectiveness: A Needs Assessment

Authors

  • Rick Van der Kleij
  • Geert Kleinhuis
  • Heather Young
Abstract

Computer security incident response teams (CSIRTs) respond to a computer security incident when the need arises. Failure of these teams can have far-reaching effects for the economy and national security. CSIRTs often have to work on an ad hoc basis, in close cooperation with other teams, and in time-constrained environments. It could be argued that under these working conditions CSIRTs would be likely to encounter problems. A needs assessment was done to see to what extent this argument holds true. We constructed an incident response needs model to assist in identifying areas that require improvement. We envisioned a model consisting of four assessment categories: Organization, Team, Individual and Instrumental. Central to this is the idea that both problems and needs can have an organizational, team, individual, or technical origin or a combination of these levels. To gather data, we conducted a literature review. This resulted in a comprehensive list of challenges and needs that could hinder or improve, respectively, the performance of CSIRTs. Then, semi-structured in-depth interviews were held with team coordinators and team members of five public and private sector Dutch CSIRTs to ground these findings in practice and to identify gaps between current and desired incident handling practices. This paper presents the findings of our needs assessment and ends with a discussion of potential solutions to problems with performance in incident response.

Similar resources

Understanding Collaborative Challenges in IT Security Preparedness Exercises

IT security preparedness exercises allow for practical collaborative training, which in turn leads to improved response capabilities to information security incidents for an organization. However, such exercises are not commonly performed in the electric power industry. We have observed a tabletop exercise as performed by three organizations with the aim of understanding challenges of performin...

Prioritizing computer security incident response services for the South African National Research Network (SANReN)

The need for the South African (SA) National Research and Education Network (NREN) to establish a Computer Security Incident Response Team (CSIRT) was identified. CSIRTs offer a subset of all possible security services based on the environment and needs of the customers. Selecting this subset has its challenges as the view of the customer may differ from the provider and knowing which services ...

An Exploratory Investigation of Factors Affecting Computer Security Incident Response Team Performance

There has been a huge amount of organizational investment to cope with computer security incidents, but the incidents continue and are expected to increase. Computer security incidents in organizations are primarily dealt with by computer security incident response teams (CSIRT). How the team successfully develops and operates is critical for effective and efficient responses to the incidents. ...

Effectiveness of Proactive CSIRT Services

Many authors have suggested that Computer Security Incident Response Teams (CSIRTs) need to deliver more proactive services to stay effective, but there are hardly any studies investigating to what extent existing proactive services are indeed effective or how to make them more effective. We view the proactive services as cross-organisational learning processes, where CSIRTs facilitate learning...

Common problems faced during the establishment of a CSIRT

A CSIRT is a team of dedicated information security specialists that prepares for and responds to information security incidents. When an incident occurs, members of a CSIRT can assist its constituency in determining what happened and what actions need to be taken to remedy the situation. The establishment of a CSIRT, however, is not without certain difficulties or complications. Such a project...

Journal title:

Volume 8, Issue

Pages -

Publication date: 2017