Skip to main content

Incident Response Practices Across National CSIRTs: Results from an Online Survey

Mohd Kassim, Sharifah Roziah Binti, Li, Shujun, Arief, Budi (2022) Incident Response Practices Across National CSIRTs: Results from an Online Survey. OIC-CERT Journal of Cyber Security, 4 (1). pp. 67-84. ISSN 2636-9680. E-ISSN 2682-9266. (KAR id:94119)

PDF Author's Accepted Manuscript
Language: English

Download (248kB) Preview
[thumbnail of Incident-Response-Practice.pdf]
This file may not be suitable for users of assistive technology.
Request an accessible format
Official URL


The aim of this study is to obtain operational insights of real-world practices across national CSIRTs, concerning cyber incident reporting channels, ticketing tools, incident classification schemes, and ways to identify appropriate responses. An online survey involving 19 staff members of 17 national CSIRTs was conducted, leading to four major findings. First, multiple reporting channels are provided by national CSIRTs for prompt incident reporting. Second, free and open-source ticketing tools are popular among national CSIRTs for tracking reported incidents. Third, different incident classification schemes are used across national CSIRTs, indicating a lack of standardised approaches that can have important implications (for example, difficulties in cross-CSIRT information sharing). Fourth, for classifying incidents and identifying appropriate responses, manual approaches are used more than automated ones. We conclude that more cross-CSIRT efforts are needed to define a more standardised cyber incident classification scheme, and to develop more automated tools to support national CSIRTs' operations.

Item Type: Article
Uncontrolled keywords: CSIRT, computer security incident response team, national CSIRT, cyber incident, reporting channel, tick- eting tool, incident classification, survey.
Subjects: H Social Sciences > HD Industries. Land use. Labor > HD61 Risk Management
T Technology > TK Electrical engineering. Electronics. Nuclear engineering > TK5101 Telecommunications > TK5105 Data transmission systems > TK5105.5 Computer networks > TK5105.875.I57 Internet
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Sharifah Roziah Binti Mohd-Kassim
Date Deposited: 22 Apr 2022 13:56 UTC
Last Modified: 25 Apr 2022 09:13 UTC
Resource URI: (The current URI for this page, for reference purposes)
Li, Shujun:
Arief, Budi:
  • Depositors only (login required):


Downloads per month over past year