State of the Practice of Computer Security Incident Response Teams (CSIRTs)

October 2003 • Technical Report

Georgia Killcrece, Klaus-Peter Kossakowski, Robin Ruefle, Mark Zajicek

In this 2003 report, the authors provide a study of the state of the practice of incident response, based on how CSIRTs around the world are operating.

Publisher:

Software Engineering Institute

CMU/SEI Report Number

CMU/SEI-2003-TR-001

DOI (Digital Object Identifier):

10.1184/R1/6584396.v1

Subjects

Abstract

Keeping organizational information assets secure in today's interconnected computing environment is a challenge that becomes more difficult with each new product and each new intruder tool. There is no one solution for securing information assets; instead a multi-layered security strategy is required. One of the layers that many organizations are including in their strategy today is a computer security incident response team, or CSIRT. This report provides an objective study of the state of the practice of incident response, based on information about how CSIRTs around the world are operating. It covers CSIRT services, projects, processes, structures, and literature, as well as training, legal, and operational issues. The report can serve as a resource both to new teams that are setting up their operations and to existing CSIRTs that are interested in benchmarking their operations.

Download PDF

Part of a Collection

Operating and Staffing a CSIRT

Cite This Report

SEI

Killcrece, Georgia; Kossakowski, Klaus-Peter; Ruefle, Robin; & Zajicek, Mark. State of the Practice of Computer Security Incident Response Teams (CSIRTs). CMU/SEI-2003-TR-001. Software Engineering Institute, Carnegie Mellon University. 2003. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=6571

IEEE

Killcrece. Georgia, Kossakowski. Klaus-Peter, Ruefle. Robin, and Zajicek. Mark, "State of the Practice of Computer Security Incident Response Teams (CSIRTs)," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2003-TR-001, 2003. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=6571

APA

Killcrece, Georgia., Kossakowski, Klaus-Peter., Ruefle, Robin., & Zajicek, Mark. (2003). State of the Practice of Computer Security Incident Response Teams (CSIRTs) (CMU/SEI-2003-TR-001). Retrieved June 05, 2023, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=6571

CHI

Georgia Killcrece, Klaus-Peter Kossakowski, Robin Ruefle, & Mark Zajicek. State of the Practice of Computer Security Incident Response Teams (CSIRTs) (CMU/SEI-2003-TR-001). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2003. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=6571

MLA

Killcrece, Georgia., Kossakowski, Klaus-Peter., Ruefle, Robin., & Zajicek, Mark. 2003. State of the Practice of Computer Security Incident Response Teams (CSIRTs) (Technical Report CMU/SEI-2003-TR-001). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=6571

BibTex

@techreport{KillcreceStateof2003,
title={State of the Practice of Computer Security Incident Response Teams (CSIRTs)},
author={Georgia Killcrece and Klaus-Peter Kossakowski and Robin Ruefle and Mark Zajicek},
year={2003},
number={CMU/SEI-2003-TR-001},
institution={Software Engineering Institute, Carnegie Mellon University},
address={Pittsburgh, PA},
url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=6571} }

Ask a question about this Technical Report

Software Engineering Institute