Wiik, Johannes with Jose Gonzalez and Klaus-Peter Kossakowski, "Limits to Effectiveness in Computer Security Incident Response Teams", 2005 July 17-2005 July 21

ua435

In a constantly changing environment, a Computer Security Incident Response Team (CSIRT) has to evolve over time in order to sustain or improve its effectiveness. The main task of a CSIRT is to help victims mitigate the effects of computer security incidents. A frequently identified problem for CSIRTs is that they are overworked, understaffed and underfunded. In this paper, we present a conceptual model of such conditions based on a case study. The model is a first attempt to understand the main factors influencing a CSIRT’s ability to handle computer security incidents effectively, and to identify ways to improve their overall effectiveness. Based on theory from process improvement and information from the case study, we have identified that short-term pressure from a growing incident workload prevents any attempts at developing more response capability long-term. Fundamental solutions to this problem will typically involve a worse-before-better trade-off for management.

This is the whole item.

Date created
  • 2005 July 17-2005 July 21

ITEM CONTEXT

Collection

System Dynamic Society Records

Item