Prerequisites for building a computer security incident response capability

Mooi, MBotha, RA2016-10-132016-10-132015-08Mooi, R. and Botha, R.A. 2015. Prerequisites for building a computer security incident response capability. In: Proceedings of the 2015 Information Security for South Africa (ISSA 2015) Conference, 1-13 August 2015, Johannesburg978-1-5090-2472-8http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7335057http://hdl.handle.net/10204/8818Proceedings of the 2015 Information Security for South Africa (ISSA 2015) Conference, 1-13 August 2015, JohannesburgThere are a number of considerations before one can commence with establishing a Computer Security Incident Response Team (CSIRT). This paper presents the results of a structured literature review investigating the business requirements for establishing a CSIRT. That is, the paper identifies those things that must be in place prior to commencing with the actual establishment process. These include characterising the CSIRT environment, funding, constituency, authority and legal considerations. Firstly, we identified authoritative CSIRT literature. Thereafter we identified salient aspects using a concept matrix. The study enumerates five areas of primary business requirements. Finally, a holistic view of the business requirements is provided by summarising the decisions required in each area.enIncident responsesComputer Security Incident Response TeamCSIRTPrerequisites for building a computer security incident response capabilityConference PresentationMooi, M., & Botha, R. (2015). Prerequisites for building a computer security incident response capability. IEEE Xplore. http://hdl.handle.net/10204/8818Mooi, M, and RA Botha. "Prerequisites for building a computer security incident response capability." (2015): http://hdl.handle.net/10204/8818Mooi M, Botha R, Prerequisites for building a computer security incident response capability; IEEE Xplore; 2015. http://hdl.handle.net/10204/8818 .TY - Conference Presentation AU - Mooi, M AU - Botha, RA AB - There are a number of considerations before one can commence with establishing a Computer Security Incident Response Team (CSIRT). This paper presents the results of a structured literature review investigating the business requirements for establishing a CSIRT. That is, the paper identifies those things that must be in place prior to commencing with the actual establishment process. These include characterising the CSIRT environment, funding, constituency, authority and legal considerations. Firstly, we identified authoritative CSIRT literature. Thereafter we identified salient aspects using a concept matrix. The study enumerates five areas of primary business requirements. Finally, a holistic view of the business requirements is provided by summarising the decisions required in each area. DA - 2015-08 DB - ResearchSpace DP - CSIR KW - Incident responses KW - Computer Security Incident Response Team KW - CSIRT LK - https://researchspace.csir.co.za PY - 2015 SM - 978-1-5090-2472-8 T1 - Prerequisites for building a computer security incident response capability TI - Prerequisites for building a computer security incident response capability UR - http://hdl.handle.net/10204/8818 ER -