Computer Security Incident Response Team Effectiveness: A Needs Assessment

Kleij, R. van der; Kleinhuis, Geert; Young, Heather A.

doi:10.3389/fpsyg.2017.02179

Cited by 25 publications

(19 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…8) Knowledge Sharing (guidance, advisories): 3C-CSIRT shares technical guidance and advisories that form a precautionary step for the constituency's systems or networks from cyber intrusion activities. A CSIRT is not something like operating in a vacuum, but it must operate in the context of a complex sociotechnical environment or system [9]. Therefore, 3C-CSIRT should share its practical experience regarding cyber incidents, vulnerabilities or other security issues with its constituencies as well as with other external CSIRTs, either locally or internationally, for better cooperation and coordination.…”

Section: ) 3c-csirt Servicesmentioning

confidence: 99%

“…Therefore, 3C-CSIRT should share its practical experience regarding cyber incidents, vulnerabilities or other security issues with its constituencies as well as with other external CSIRTs, either locally or internationally, for better cooperation and coordination. However, sharing or exchanging information and cooperation depends on the available trust models they may have with each other [9]. 9) Security Related Information Dissemination:3C-CSIRT has a website through which all the constituencies can share security-related information such as recommended tools, security patches, software updates, best practices, vulnerabilities, and incidents in English as well as in their native language for better understanding.…”

Section: ) 3c-csirt Servicesmentioning

confidence: 99%

“…Bradshaw [8] classify CSIRT based on the Parent organization such as National CSIRTs, Private CSIRTs, and Technical or Academic CSIRTs. According to [9] no two CSIRTs are the same. There are some similarities and differences exist in the CSIRTs.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Model for Afghanistan’s Cyber Security Incident Response Team

Jalal

Yusof

Shukur

et al. 2018

Int. J. Adv. Sci. Eng. Inf. Technol.

View full text Add to dashboard Cite

Persistent cyber threats require effective and efficient mitigation techniques. The cyber security incident response team (CSIRT) is expected to respond to external and internal cyber threats or incidents. Various organizational, national, and international level CSIRTs have been developed for defending and protecting such kinds of threats. Developing countries like Afghanistan have also formed a Computer Emergency Response Team for handling national cyber incidents although it provides limited services to only a few constituencies and depends on funding from foreign donors. Therefore, a new organizational model was proposed to provide guidelines for a specific country, instead of a provision from a constitutional context. Five national CSIRTs were compared to identify their features and characteristics to provide basis for the proposed framework. The study presented the proposed model based on two CSIRT organizational models that incorporated a new funding strategy to achieve a Sustainable National CSIRT for developing countries. Our model combined coordinate and security teams; if consists of constituency's mission, services, resources, organizational framework, and funding strategy. This study employed qualitative method by using document analysis and interview techniques. CSIRT for Afghanistan known as AFCERT was evaluated in terms of structure, services, resources, and funding. AFCERT services level were below the standard of a national CSIRT. Therefore, a more sustainable service need to be provided based on the proposed model components. Findings showed the suitability and potential of the model in controlling and mitigating cyber-attacks, more specifically in the context of Afghanistan.

show abstract

Section: ) 3c-csirt Servicesmentioning

confidence: 99%

Section: ) 3c-csirt Servicesmentioning

confidence: 99%

See 1 more Smart Citation

A Model for Afghanistan’s Cyber Security Incident Response Team

Jalal

Yusof

Shukur

et al. 2018

Int. J. Adv. Sci. Eng. Inf. Technol.

View full text Add to dashboard Cite

show abstract

“…I am interviewing others who perform my role, as well as senior leaders within those organisations, using semi-structured interviews to inquire into any differences in perception and expectations as well as motivations and contexts. As semi-structured interviewing has become established as a core, and arguably the default, qualitative data-gathering method across the social sciences, for example, Coronel et al (2011) and Rainford (2020), and related disciplines, including business, for example, Maznevski and Chudoba (2000) and Peterson (2004), and cyber-security, for example, Ashenden and Sasse (2013), Singh et al (2013) and Van der Kleij et al (2017), researchers, like myself, that gather data using this method are faced with the task of preparing that data for analysis. For novice researchers, in particular, the predominant guidance from the literature, for example, Hammersley and Atkinson (1995) and Bryman (2012: 482) is for manual, verbatim (Seale, 2000: 148) transcriptions of audio-recorded interviews to be prepared in 'orthographic' (Braun and Clarke, 2006: 88) form for subsequent analysis, despite the acknowledged limitations of transcripts themselves (DeVault, 1990;Green et al, 1997;Lapadat and Lindsay, 1999;ten Have, 1990).…”

Section: Introductionmentioning

confidence: 99%

Producing ‘good enough’ automated transcripts securely: Extending Bokhove and Downey (2018) to address security concerns

Silva

2021

Methodological Innovations

View full text Add to dashboard Cite

Interviews are an established research method across multiple disciplines. Such interviews are typically transcribed orthographically in order to facilitate analysis. Many novice qualitative researchers’ experiences of manual transcription are that it is tedious and time-consuming, although it is generally accepted within much of the literature that quality of analysis is improved through researchers performing this task themselves. This is despite the potential for the exhausting nature of bulk transcription to conversely have a negative impact upon quality. Other researchers have explored the use of automated methods to ease the task of transcription, more recently using cloud-computing services, but such services present challenges to ensuring confidentiality and privacy of data. In the field of cyber-security, these are particularly concerning; however, any researcher dealing with confidential participant speech should also be uneasy with third-party access to such data. As a result, researchers, particularly early-career researchers and students, may find themselves with no option other than manual transcription. This article presents a secure and effective alternative, building on prior work published in this journal, to present a method that significantly reduced, by more than half, interview transcription time for the researcher yet maintained security of audio data. It presents a comparison between this method and a fully manual method, drawing on data from 10 interviews conducted as part of my doctoral research. The method presented requires an investment in specific equipment which currently only supports the English language.

show abstract

“…At the same time, rapid changes in security threat landscapes cause uncertainty for business continuity and may force changes to organizations' security strategy [8]. A solution is to automate the handwork or to provide forecasting analysts with proper decision support tools that could help reduce ambiguity or even predict future developments (see also [8,10]). There have already been extensive efforts in government, academia, and industry to do so [11].…”

Section: Introductionmentioning

confidence: 99%

Text Mining in Cybersecurity: Exploring Threats and Opportunities

Boer

Bakker²,

Boertjes³

et al. 2019

MTI

Self Cite

View full text Add to dashboard Cite

The number of cyberattacks on organizations is growing. To increase cyber resilience, organizations need to obtain foresight to anticipate cybersecurity vulnerabilities, developments, and potential threats. This paper describes a tool that combines state of the art text mining and information retrieval techniques to explore the opportunities of using these techniques in the cybersecurity domain. Our tool, the Horizon Scanner, can scrape and store data from websites, blogs and PDF articles, and search a database based on a user query, show textual entities in a graph, and provide and visualize potential trends. The aim of the Horizon Scanner is to help experts explore relevant data sources for potential threats and trends and to speed up the process of foresight. In a requirements session and user evaluation of the tool with cyber experts from the Dutch Defense Cyber Command, we explored whether the Horizon Scanner tool has the potential to fulfill its aim in the cybersecurity domain. Although the overall evaluation of the tool was not as good as expected, some aspects of the tool were found to have added value, providing us with valuable insights into how to design decision support for forecasting analysts.

show abstract

Computer Security Incident Response Team Effectiveness: A Needs Assessment

Cited by 25 publications

References 21 publications

A Model for Afghanistan’s Cyber Security Incident Response Team

A Model for Afghanistan’s Cyber Security Incident Response Team

Producing ‘good enough’ automated transcripts securely: Extending Bokhove and Downey (2018) to address security concerns

Text Mining in Cybersecurity: Exploring Threats and Opportunities

Contact Info

Product

Resources

About