Incident Management Research
Workforce effectiveness relies on two critical characteristics: competence and readiness. Our work in competency development is designed to help organizations improve their training and development programs. Our researchers identify and document cybersecurity competencies within organizations. As these competencies are identified, the organization begins to understand that competence is not readiness.
To establish a computer security incident response team (CSIRT), you should understand what type of CSIRT is needed, the type of services that should be offered, the size of the CSIRT and where it should be located in the organization, how much it will cost to implement and support the CSIRT, and the initial steps necessary to create the CSIRT. Our resources will help you answer these and other questions.
Our resources address practical operational and technical issues that every CSIRT must consider, including operating and staffing. Contact us if you have questions or need more information.
Our resources provide information about developing cost-analysis models for incident handling.
Our resources provide information about CERT forensics work, basic forensic data collection, and forensic methodology.
We provide links to useful publications about incident management, incident response, CSIRTs, and more, written by our colleagues in the international community.
We are aware of the need for controlled vocabularies, taxonomies, and ontologies to make progress toward a science of cybersecurity. Read about our work in the field of security and ontology.