Organizational Models for Computer Security Incident Response Teams (CSIRTs)

Abstract

When a computer security attack on an organization occurs, an intrusion is recognized, or some other kind of computer security incident occurs, it is critical for the organization to have a fast and effective means of responding. One method of addressing this need is to establish a formal incident response capability or a Computer Security Incident Response Team (CSIRT). When an incident occurs, the goal of the CSIRT is to control and minimize any damage, preserve evidence, provide quick and efficient recovery, prevent similar future events, and gain insight into threats against the organization. 

This handbook describes different organizational models for implementing incident handling capabilities, including each model's advantages and disadvantages and the kinds of incident management services that best fit with it. An earlier SEI publication, the Handbook for Computer Security Incident Response Teams (CSIRTs) (CMU/SEI-2003-HB-002), provided the baselines for establishing incident response capabilities. This new handbook builds on that coverage by enabling organizations to compare and evaluate CSIRT models. Based on this review they can then identify a model for implementation that addresses their needs and requirements.

Cite This Report

SEI

Killcrece, Georgia; Kossakowski, Klaus-Peter; Ruefle, Robin; & Zajicek, Mark. Organizational Models for Computer Security Incident Response Teams (CSIRTs) (CMU/SEI-2003-HB-001). Software Engineering Institute, Carnegie Mellon University, 2003. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=6295

IEEE

Killcrece, Georgia; Kossakowski, Klaus-Peter; Ruefle, Robin; and Zajicek, Mark, "Organizational Models for Computer Security Incident Response Teams (CSIRTs)," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Handbook CMU/SEI-2003-HB-001, 2003. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=6295

APA

Killcrece, Georgia., Kossakowski, Klaus-Peter., Ruefle, Robin., & Zajicek, Mark. (2003). Organizational Models for Computer Security Incident Response Teams (CSIRTs) (CMU/SEI-2003-HB-001). Retrieved April 21, 2014, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=6295

CHI

Georgia Killcrece, Klaus-Peter Kossakowski, Robin Ruefle, & Mark Zajicek. Organizational Models for Computer Security Incident Response Teams (CSIRTs) (CMU/SEI-2003-HB-001). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2003. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=6295

MLA

Killcrece, Georgia., Kossakowski, Klaus-Peter., Ruefle, Robin., & Zajicek, Mark. 2003. Organizational Models for Computer Security Incident Response Teams (CSIRTs) (Technical Report CMU/SEI-2003-HB-001). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=6295