CYBER 2017, The Second International Conference on Cyber-Technologies and Cyber-Systems


Improving the Effectiveness of CSIRTs

Authors:
Maria Bada
Sadie Creese
Michael Goldsmith
Chris J. Mitchell

Keywords: Cybersecurity; CSIRT; Metrics; Effectiveness

Abstract:
This paper reports on research designed to measure the effectiveness of national Computer Security Incident Response Teams (CSIRTs). Specifically, our aim is to identify: 1) the ways in which a CSIRT might be considered to be effective; 2) the issues which may limit the performance of a CSIRT; and 3) approaches towards developing CSIRT effectiveness metrics. A primary motive for doing so is to enable more effective CSIRTs to be implemented, focusing on activities with the maximum impact on threat mitigation. The research was conducted using both an online survey and interviews, in two phases. The study participants were experts within the existing CSIRT community. In total, 46 participants responded to the survey, from 27 countries in Europe, Africa, South and North America, and Asia. Three experts working for CSIRTs in the UK and USA were also interviewed. Questions asked during the interviews and the online survey queried the personal knowledge and experience of participants regarding CSIRTs. In our analysis, issues such as cooperation, data-sharing and trust are discussed as crucial components of an effective CSIRT. Existing measurement approaches for computer security incident response are presented, before a set of suggested direct and indirect measures of the effectiveness of a CSIRT is defined.

Pages: 53 to 58

Copyright: Copyright (c) IARIA, 2017

Publication date: November 12, 2017

Published in: conference

ISSN: 2519-8599

ISBN: 978-1-61208-605-7

Location: Barcelona, Spain

Dates: from November 12, 2017 to November 16, 2017