The aim of this study is to obtain operational insights into real-world practices across national CSIRTs concerning cyber incident reporting channels, ticketing tools, incident classification schemes, and ways to identify appropriate responses. An online survey involving 19 staff members of 17 national CSIRTs was conducted, leading to four major findings. First, multiple reporting channels are provided by national CSIRTs for prompt incident reporting. Second, free and open-source ticketing tools are popular among national CSIRTs for tracking reported incidents. Third, differing incident classification schemes are used across national CSIRTs, indicating a lack of standardised approaches that can have negative implications (for example, difficulties in cross-CSIRT information sharing). Fourth, for classifying incidents and identifying appropriate responses, manual approaches are used more than automated ones. We conclude that better cross-CSIRT efforts are needed to define a more standardised cyber incident classification scheme, and to develop more automated tools to support national CSIRTs’ operations.
Sharifah Roziah Mohd Kassim
Affiliation: Institute of Cyber Security for Society (iCSS) & School of Computing, University of Kent
Canterbury, UK
Shujun Li
Affiliation: Institute of Cyber Security for Society (iCSS) & School of Computing, University of Kent
Canterbury, UK
Budi Arief
Affiliation: Institute of Cyber Security for Society (iCSS) & School of Computing, University of Kent
Canterbury, UK