There are a number of considerations before one can commence with establishing a Computer Security Incident Response Team (CSIRT). This paper presents the results of a structured literature review investigating the business requirements for establishing a CSIRT. That is, the paper identifies those things that must be in place prior to commencing with the actual establishment process. These include characterising the CSIRT environment, funding, constituency, authority and legal considerations. Firstly, we identified authoritative CSIRT literature. Thereafter we identified salient aspects using a concept matrix. The study enumerates five areas of primary business requirements. Finally, a holistic view of the business requirements is provided by summarising the decisions required in each area.
Reference:
Mooi, R. and Botha, R.A. 2015. Prerequisites for building a computer security incident response capability. In: Proceedings of the 2015 Information Security for South Africa (ISSA 2015) Conference, 1-13 August 2015, Johannesburg
Mooi, M., & Botha, R. (2015). Prerequisites for building a computer security incident response capability. IEEE Xplore. http://hdl.handle.net/10204/8818
Mooi, M, and RA Botha. "Prerequisites for building a computer security incident response capability." (2015): http://hdl.handle.net/10204/8818
Mooi M, Botha R, Prerequisites for building a computer security incident response capability; IEEE Xplore; 2015. http://hdl.handle.net/10204/8818 .
