Context for the SA NREN Computer Security Incident Response Team

Cited by: 0
Authors
Mooi, Roderick [1, 2]
Botha, Reinhardt A. [2]
Affiliations
[1] CSIR, POB 395, ZA-0001 Pretoria, South Africa
[2] Nelson Mandela Metropolitan Univ, POB 77000, ZA-6035 Port Elizabeth, South Africa
Keywords
CSIRT; CERT; computer security incident response; security operations centre; NREN; research and education network; South Africa; business requirements; INFORMATION-SYSTEMS RESEARCH; DESIGN SCIENCE
DOI
Not available
Chinese Library Classification number
TP3 [Computing technology, computer technology]
Subject classification code
0812
Abstract
The South African (SA) National Research and Education Network (NREN) identified the requirement for a Computer Security Incident Response Team (CSIRT). This paper sets the context for the CSIRT by exploring the business requirements and associated decisions in five areas: the environment, constituency, authority, funding and legal considerations. The SA NREN CSIRT was categorised as an academic sector CSIRT serving the research and education community of South Africa with limited authority. The NREN is comprised of two organisations and the corresponding embedded, but distributed, organisational model makes this CSIRT case particularly interesting. Various cost recovery options and relevant South African laws and regulations were also identified. The resulting "strategic" framework sets the scene for the remainder of the establishment process. This paper is useful to anyone desiring to establish a CSIRT, or equivalent capability, who can follow a similar process to discover where to begin.
Pages: 9