EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

A Proposed Integrated Framework for Coordinating Computer Security Incident Response Team

Rahul Bhaskar

Journal of Information Privacy and Security, 2005, vol. 1, issue 3, 3-17

Abstract: Traditionally, computer security incident response teams (CSIRT) are expected to respond to hacking incidents, rogue employees, or virus outbreaks. Recently, they are maturing into a critical tool for maintaining business operations, homeland security, and compliance with new regulations. Alberts et al (2004) define a CSIRT to be “a capability or team that provides services and support to a defined constituency for preventing, handling, and responding to computer security incidents.” Among the most important aims of these CSIRTs is a focus on processes related to incident and security management. A type of CSIRT called, “Coordinating CSIRTs (C-CSIRT) “ facilitate the handling of incidents, vulnerabilities, and general information across a variety of external and internal organizations. These C-CSIRTs play a crucial role in performing security and incident management across multiple organizations. Examples of these C-CSIRTs include AusCERT (Australia Computer Emergency Response Team) and CISCO PSIRT (CISCO Product Security Incident Response Team).The main focus of a C-CSIRT is to get its constituent organizations’ computer related infrastructure back to an operational state as soon as possible (Killcerece, 2003). This is done by concentrating primarily on incident, security and IT management. In our view, a C-CSIRT must include related processes such as communication with the public and media and the investigative processes that help to find the root causes of the attack to prevent not only irreparable harm to the public image and services of a business, but also recurring attacks. In the proposed framework, we integrate issues of communication and investigation into the processes that a C-CSIRT performs to fulfill its basic function of security, IT and incident management.

Date: 2005
References: Add references at CitEc
Citations:

Downloads: (external link)
http://hdl.handle.net/10.1080/15536548.2005.10855771 (text/html)
Access to full text is restricted to subscribers.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:taf:uipsxx:v:1:y:2005:i:3:p:3-17

Ordering information: This journal article can be ordered from
http://www.tandfonline.com/pricing/journal/uips20

DOI: 10.1080/15536548.2005.10855771

Access Statistics for this article

Journal of Information Privacy and Security is currently edited by Chuleeporn Changchit

More articles in Journal of Information Privacy and Security from Taylor & Francis Journals
Bibliographic data for series maintained by Chris Longhurst ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-20
Handle: RePEc:taf:uipsxx:v:1:y:2005:i:3:p:3-17