Improving the Effectiveness of CSIRTs

Global Cyber Security Capacity Centre, 2014

42 Pages

Posted: 9 Sep 2020

Maria Bada

Cambridge Cybercrime Centre

Sadie Creese

University of Oxford

Michael Goldsmith

University of Oxford

Chris Mitchell

affiliation not provided to SSRN

Elizabeth Phillips

affiliation not provided to SSRN

Date Written: 2014

Abstract

Following the pioneering work at Carnegie Mellon University in the US, national Computer Emergency Response Teams (CERTs) have been established worldwide to try to address the ever-growing threats to information systems and their use. The problem they are designed to address is clearly real and formidable, although relatively little has been done to measure how effective such national responses are in mitigating the threats posed by cyber-criminals and state-sponsored cyber-attacks. The goal of this paper is to take a first step towards developing metrics which can be used to measure the effectiveness of CSIRTs. A primary motive for doing so is to enable more effective CSIRTs to be implemented, which focus on activities with the maximum impact on threat mitigation. More specifically, this paper aims to identify the ways in which a CSIRT might be deemed to be effective, and possible approaches towards developing CSIRT effectiveness metrics. It also identifies the issues that need to be addressed to realise the goal. Issues such as cooperation, data sharing and trust are discussed as crucial components of an effective CSIRT. Existing measurement types of computer security incident response (NIST, Carnegie Mellon's Software Engineering Institute) are presented before defining a set of suggested direct and indirect measures of the effectiveness of a CSIRT.

Suggested Citation

Bada, Maria and Creese, Sadie and Goldsmith, Michael and Mitchell, Chris and Phillips, Elizabeth, Improving the Effectiveness of CSIRTs (2014). Global Cyber Security Capacity Centre, 2014, Available at SSRN: https://ssrn.com/abstract=3659982

Maria Bada (Contact Author)

Cambridge Cybercrime Centre

15 JJ Thomson Avenue
William Gates Building
Cambridge, CB3 0FD
United Kingdom

Sadie Creese

University of Oxford

Mansfield Road
Oxford, Oxfordshire OX1 4AU
United Kingdom

Michael Goldsmith

University of Oxford

Mansfield Road
Oxford, Oxfordshire OX1 4AU
United Kingdom
