Incident Management Research

Competency Development

Workforce effectiveness relies on two critical characteristics: competence and readiness. Our work in competency development is designed to help organizations improve their training and development programs. Our researchers identify and document cybersecurity competencies within organizations. As these competencies are identified, the organization begins to understand that competence is not readiness.

Creating a CSIRT: Getting Started

To establish a computer security incident response team (CSIRT), you should understand what type of CSIRT is needed, the type of services that should be offered, the size of the CSIRT and where it should be located in the organization, how much it will cost to implement and support the CSIRT, and the initial steps necessary to create the CSIRT. Our resources will help you answer these and other questions.

Operating and Staffing Your CSIRT

Our resources address practical operational and technical issues that every CSIRT must consider, including operating and staffing. Contact us if you have questions or need more information.

Developing Incident Handling Cost Models

Our resources provide information about developing cost-analysis models for incident handling.

Collecting Evidence/Forensics

Our resources provide information about CERT forensics work, basic forensic data collection, and forensic methodology.

Incident Management and General CSIRT Publications

We provide links to useful publications about incident management, incident response, CSIRTs, and more, written by our colleagues in the international community.

Security and Ontology

We are aware of the need for controlled vocabularies, taxonomies, and ontologies to make progress toward a science of cybersecurity. Read about our work in the field of security and ontology.

See the Results

Read the preliminary results of the Communication Study, and share your feedback with us.