Prerequisites for building a computer security incident response capability

There are a number of considerations before one can commence with establishing a Computer Security Incident Response Team (CSIRT). This paper presents the results of a structured literature review investigating the business requirements for establishing a CSIRT. That is, the paper identifies those things that must be in place prior to commencing with the actual establishment process. These include characterising the CSIRT environment, funding, constituency, authority and legal considerations. Firstly, we identified authoritative CSIRT literature. Thereafter we identified salient aspects using a concept matrix. The study enumerates five areas of primary business requirements. Finally, a holistic view of the business requirements is provided by summarising the decisions required in each area.