Improving Social Maturity Of Cybersecurity Incident Response Teams

Short Intro

Cybersecurity in the twenty-first century reflects the most technologically sophisticated threat environment the world has ever seen. Cyber incidents are asymmetric and evolving – threatening institutions, individuals, organizations, and governments. The familiar refrains “attribution is difficult” and “the threat is amorphous” have become the stuff of industry lore. In this environment, organizations frequently seek to stay ahead of the threat by maintaining a distinct technological advantage.

This advantage has long been accepted as a given considering the history and evolution of the cyber domain. The Western world not only invented the Internet and the systems that form its architecture, but institutions of higher education have responded by producing human talent that is adept at using the latest technologies. Our tools are second-to-none, and our capacity to train people in the use of these tools has never been greater.

Table of Contents

  • Acknowledgements
  • Project Team
  • Executive Summary: Quick Reference Guide
  • Preface
  • Chapters
  • Chapter One: Introduction to the Handbook
  • Chapter Two: The Social Maturity of CSIRTs and Multiteam Systems
  • Chapter Three: Measuring and Evaluating CSIRT Performance
  • Chapter Four: Decision-Making in CSIRTs
  • Chapter Five: Communication Effectiveness in Incident Response
  • Chapter Six: Information Sharing Effectiveness in Incident Response
  • Chapter Seven: Collaborative Problem-Solving in Incident Response
  • Chapter Eight: Shared Knowledge of Unique Expertise
  • Chapter Nine: Trust in Teams and Incident Response Multiteam Systems
  • Chapter Ten: Sustained Attention and Focus Over Time
  • Chapter Eleven: Continuous Learning in Incident Response
  • Appendices
  • Appendix A: Taxonomy of Cybersecurity Multiteam System (MTS) Task Performance
  • Appendix B: Assessment Exercises and Improvement Strategies by Topic Area
  • Appendix C: Hiring and Training CSIRT Employees: Validation Considerations
  • Appendix D: Programs of Instruction for CSIRT Training
  • Appendix E: Supplemental Worksheets
  • Appendix F: Leveraging Strategies from Three Emergency Response Teams to Improve Cybersecurity Incident Response Team Effectiveness
  • Appendix G: Comparing Knowledge, Skills, Abilities and Other Characteristics (KSAOs) Necessary for Cybersecurity Workers in Coordinating and Non-coordinating CSIRTs
  • Appendix H: Building Informal CSIRT Networks to Enhance the Incident Response Process
  • Appendix I: Social Resilience During Cybersecurity Incident Response


Happy learning!
