icon-carat-right menu search cmu-wordmark
Carnegie Mellon University

State of the Practice of Computer Security Incident Response Teams (CSIRTs)

Technical Report
By
In this 2003 report, the authors provide a study of the state of the practice of incident response, based on how CSIRTs around the world are operating.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2003-TR-001
DOI (Digital Object Identifier)
10.1184/R1/6584396.v1
Topic or Tag

Abstract

Keeping organizational information assets secure in today's interconnected computing environment is a challenge that becomes more difficult with each new product and each new intruder tool. There is no one solution for securing information assets; instead a multi-layered security strategy is required. One of the layers that many organizations are including in their strategy today is a computer security incident response team, or CSIRT. This report provides an objective study of the state of the practice of incident response, based on information about how CSIRTs around the world are operating. It covers CSIRT services, projects, processes, structures, and literature, as well as training, legal, and operational issues. The report can serve as a resource both to new teams that are setting up their operations and to existing CSIRTs that are interested in benchmarking their operations.

SHARE
Download PDF
Part of a Collection

Operating and Staffing a CSIRT
Cite This Technical Report

Killcrece, G., Kossakowski, K., Ruefle, R., & Zajicek, M. (2003, October 1). State of the Practice of Computer Security Incident Response Teams (CSIRTs). (Technical Report CMU/SEI-2003-TR-001). Retrieved November 23, 2024, from https://doi.org/10.1184/R1/6584396.v1.

@techreport{killcrece_2003,
author={Killcrece, Georgia and Kossakowski, Klaus-Peter and Ruefle, Robin and Zajicek, Mark},
title={State of the Practice of Computer Security Incident Response Teams (CSIRTs)},
month={{Oct},
year={{2003},
number={{CMU/SEI-2003-TR-001},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6584396.v1},
note={Accessed: 2024-Nov-23}
}

Killcrece, Georgia, Klaus-Peter Kossakowski, Robin Ruefle, and Mark Zajicek. "State of the Practice of Computer Security Incident Response Teams (CSIRTs)." (CMU/SEI-2003-TR-001). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, October 1, 2003. https://doi.org/10.1184/R1/6584396.v1.

G. Killcrece, K. Kossakowski, R. Ruefle, and M. Zajicek, "State of the Practice of Computer Security Incident Response Teams (CSIRTs)," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2003-TR-001, 1-Oct-2003 [Online]. Available: https://doi.org/10.1184/R1/6584396.v1. [Accessed: 23-Nov-2024].

Killcrece, Georgia, Klaus-Peter Kossakowski, Robin Ruefle, and Mark Zajicek. "State of the Practice of Computer Security Incident Response Teams (CSIRTs)." (Technical Report CMU/SEI-2003-TR-001). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Oct. 2003. https://doi.org/10.1184/R1/6584396.v1. Accessed 23 Nov. 2024.

Killcrece, Georgia; Kossakowski, Klaus-Peter; Ruefle, Robin; & Zajicek, Mark. State of the Practice of Computer Security Incident Response Teams (CSIRTs). CMU/SEI-2003-TR-001. Software Engineering Institute. 2003. https://doi.org/10.1184/R1/6584396.v1

Ask a question about this Technical Report