Prerequisites for building a computer security incident response capability

Cited by: 0
Authors
Mooi, Roderick [1, 2]
Botha, Reinhardt A. [2]
Affiliations
[1] CSIR, Meraka Inst, New Delhi, India
[2] Nelson Mandela Metropolitan Univ, Sch ICT, Ctr Res Informat & Comp Secur, Port Elizabeth, South Africa
Keywords
incident response; security team; CSIRT; CERT; establishing requirements;
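DOI
Not available
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812
Abstract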
There are a number of considerations before one can commence with establishing a Computer Security Incident Response Team (CSIRT). This paper presents the results of a structured literature review investigating the business requirements for establishing a CSIRT. That is, the paper identifies those things that must be in place prior to commencing with the actual establishment process. These include characterising the CSIRT environment, funding, constituency, authority and legal considerations. Firstly, we identified authoritative CSIRT literature. Thereafter we identified salient aspects using a concept matrix. The study enumerates five areas of primary business requirements. Finally, a holistic view of the business requirements is provided by summarising the decisions required in each area.
Pages: 8