
Computer Security Incident Response Team Effectiveness: A Needs Assessment

Computer security incident response teams (CSIRTs) respond to a computer security incident when the need arises. Failure of these teams can have far-reaching effects for the economy and national security. CSIRTs often have to work on an ad hoc basis, in close cooperation with other teams, and in tim...


Bibliographic Details
Main Authors: Van der Kleij, Rick, Kleinhuis, Geert, Young, Heather
Format: Online Article Text
Language: English
Published: Frontiers Media S.A. 2017
Subjects:
Online Access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5733042/
https://www.ncbi.nlm.nih.gov/pubmed/29312051
http://dx.doi.org/10.3389/fpsyg.2017.02179
_version_ 1783286825529376768
author Van der Kleij, Rick
Kleinhuis, Geert
Young, Heather
collection PubMed
description Computer security incident response teams (CSIRTs) respond to a computer security incident when the need arises. Failure of these teams can have far-reaching effects for the economy and national security. CSIRTs often have to work on an ad hoc basis, in close cooperation with other teams, and in time constrained environments. It could be argued that under these working conditions CSIRTs would be likely to encounter problems. A needs assessment was done to see to which extent this argument holds true. We constructed an incident response needs model to assist in identifying areas that require improvement. We envisioned a model consisting of four assessment categories: Organization, Team, Individual and Instrumental. Central to this is the idea that both problems and needs can have an organizational, team, individual, or technical origin or a combination of these levels. To gather data we conducted a literature review. This resulted in a comprehensive list of challenges and needs that could hinder or improve, respectively, the performance of CSIRTs. Then, semi-structured in depth interviews were held with team coordinators and team members of five public and private sector Dutch CSIRTs to ground these findings in practice and to identify gaps between current and desired incident handling practices. This paper presents the findings of our needs assessment and ends with a discussion of potential solutions to problems with performance in incident response.
format Online
Article
Text
id pubmed-5733042
institution National Center for Biotechnology Information
language English
publishDate 2017
publisher Frontiers Media S.A.
record_format MEDLINE/PubMed
spelling pubmed-57330422018-01-08 Computer Security Incident Response Team Effectiveness: A Needs Assessment Van der Kleij, Rick Kleinhuis, Geert Young, Heather Front Psychol Psychology Computer security incident response teams (CSIRTs) respond to a computer security incident when the need arises. Failure of these teams can have far-reaching effects for the economy and national security. CSIRTs often have to work on an ad hoc basis, in close cooperation with other teams, and in time constrained environments. It could be argued that under these working conditions CSIRTs would be likely to encounter problems. A needs assessment was done to see to which extent this argument holds true. We constructed an incident response needs model to assist in identifying areas that require improvement. We envisioned a model consisting of four assessment categories: Organization, Team, Individual and Instrumental. Central to this is the idea that both problems and needs can have an organizational, team, individual, or technical origin or a combination of these levels. To gather data we conducted a literature review. This resulted in a comprehensive list of challenges and needs that could hinder or improve, respectively, the performance of CSIRTs. Then, semi-structured in depth interviews were held with team coordinators and team members of five public and private sector Dutch CSIRTs to ground these findings in practice and to identify gaps between current and desired incident handling practices. This paper presents the findings of our needs assessment and ends with a discussion of potential solutions to problems with performance in incident response. Frontiers Media S.A. 2017-12-12 /pmc/articles/PMC5733042/ /pubmed/29312051 http://dx.doi.org/10.3389/fpsyg.2017.02179 Text en Copyright © 2017 Van der Kleij, Kleinhuis and Young. http://creativecommons.org/licenses/by/4.0/ This is an open-access article distributed under the terms of the Creative Commons Attribution License (CC BY). 
The use, distribution or reproduction in other forums is permitted, provided the original author(s) or licensor are credited and that the original publication in this journal is cited, in accordance with accepted academic practice. No use, distribution or reproduction is permitted which does not comply with these terms.
title Computer Security Incident Response Team Effectiveness: A Needs Assessment
topic Psychology
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5733042/
https://www.ncbi.nlm.nih.gov/pubmed/29312051
http://dx.doi.org/10.3389/fpsyg.2017.02179