Wiik, Johannes with Jose Gonzalez, Pål Davidsen and Klaus-Peter Kossakowski, "Chronic Workload Problems in CSIRTs", 2009 July 26-2009 July 30

ua435

Since their inception, Computer Security Incident Response Teams (CSIRTs) have been afflicted by chronic problems concerning workload, quality of service, and sustaining their constituency. We have cooperated with one of the oldest CSIRTs to model the most challenging issues. Low-priority and high-priority incident response cause distinct problems. Low-priority reports grow exponentially, which overwhelms the limited CSIRT resources. For high-priority incident response, one observes long-term instabilities in workload and QoS and, ominously, oscillatory decreasing recognition of the CSIRT by its constituency. In this paper we focus on low-priority incident response, leaving high-priority response for two companion papers. For low-priority response, the CSIRT tends to handle the workload by adjusting the productivity of manually handled incidents, a futile task owing to exponential growth in incidents. A more fundamental solution is automated incident response, but its implementation requires careful planning of timing and resources.

This is the whole item.

Date created
  • 2009 July 26-2009 July 30

ITEM CONTEXT

Collection

System Dynamic Society Records
