Mohd Kassim, Sharifah Roziah Binti, Li, Shujun, Arief, Budi (2025) Validating a Set of Candidate Criteria for Evaluating Software Tools and Data Sources for National CSIRTs’ Cyber Incident Responses. Digital Threats: Research and Practice, 6 (4). pp. 1-20. ISSN 2692-1626. (doi:10.1145/3748267) (KAR id:112405)
PDF
Publisher pdf
Language: English
This work is licensed under a Creative Commons Attribution 4.0 International License.
Official URL: https://doi.org/10.1145/3748267
Abstract
National Computer Security Incident Response Teams (CSIRTs) are established worldwide to coordinate responses to cyber security incidents at the national level. It is known that software tools (including open source ones) and public data are routinely used to facilitate incident response in national CSIRTs. However, there is a lack of an authoritative set of criteria that can be used for a systematic evaluation to decide which software tools and data sources should be used by national CSIRTs for incident response. A prior study identified a set of potential candidate criteria for such an evaluation. The study presented in this article aims to validate these candidate criteria empirically by asking staff members of several national CSIRTs how they perceive the candidate criteria’s practical usefulness and readiness for deployment in national CSIRTs’ operations. The study involved online semi-structured interviews with nine interviewees from nine national CSIRTs in Asia-Pacific, Africa and Europe. After validating the candidate criteria using semi-structured interviews with these nine interviewees, we applied the criteria to evaluate a selection of software tools and data sources by converting each criterion into one or more relevant metrics, such as ‘measuring the time taken by a tool to produce results’. Results from the study led to the following main findings: (1) all interviewees perceived the candidate criteria as practically useful for evaluating tools and data sources in the operations of national CSIRTs; (2) all interviewees agreed that the candidate criteria could be deployed in national CSIRTs and other types of CSIRTs and (3) the candidate criteria can be applied relatively easily in practice. These criteria are envisaged to help national CSIRTs select the most appropriate tools and data sources to facilitate effective incident response, improve their operational practices and improve the quality of wider security operations.
| Item Type: | Article |
|---|---|
| DOI/Identification number: | 10.1145/3748267 |
| Subjects: | Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science; Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming, > QA76.76 Computer software |
| Institutional Unit: | Schools > School of Computing; Institutes > Institute of Cyber Security for Society |
| Former Institutional Unit: | There are no former institutional units. |
| Funders: | University of Kent (https://ror.org/00xkeyj56) |
| Depositing User: | Shujun Li |
| Date Deposited: | 16 Dec 2025 16:28 UTC |
| Last Modified: | 17 Dec 2025 03:43 UTC |
| Resource URI: | https://kar.kent.ac.uk/id/eprint/112405 (The current URI for this page, for reference purposes) |

https://orcid.org/0000-0001-5628-7328