State of the Practice of Computer Security Incident Response Teams (CSIRTs)

Abstract

Keeping organizational information assets secure in today's interconnected computing environment is a challenge that becomes more difficult with each new "e" product and each new intruder tool. There is no one solution for securing information assets; instead a multi-layered security strategy is required. One of the layers that many organizations are including in their strategy today is a computer security incident response team, or CSIRT. This report provides an objective study of the state of the practice of incident response, based on information about how CSIRTs around the world are operating. It covers CSIRT services, projects, processes, structures, and literature, as well as training, legal, and operational issues. The report can serve as a resource both to new teams that are setting up their operations and to existing CSIRTs that are interested in benchmarking their operations.

Document Details

Document Type: Technical Report
Publication Date: Oct 01, 2003
Accession Number: ADA421664

Entities

People

  • Georgia Killcrece
  • Klaus-Peter Kossakowski
  • Mark Zajicek
  • Robin Ruefle

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Computer Crime
  • Computer Network Security
  • Computer Program Documentation
  • Computer Programming
  • Computer Programs
  • Computers
  • Congress
  • Cyberattacks
  • Cybersecurity
  • Electronic Commerce
  • Employment
  • Information Systems
  • Intellectual Property
  • National Security
  • Operating Systems
  • Organizational Structure
  • Public Administration

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Defense Acquisition Program Management

Technology Areas

  • Cyber