Computer forensics EC-Council V2-module4

Csirt Handbook

Published by: agtpkustoms13 on Oct 04, 2012

As discussed in the introduction of this document, experienced CSIRT staff are in short
supply and expensive to hire and train for your CSIRT environment. So, having invested
the time and resources to identify, hire, and train staff, it is most important to try to retain
them. The two main reasons for turnover of CSIRT staff are burnout and low salary.

Many CSIRT staff suffer from burnout (the authors of this handbook are not exceptions),
where the constant pressures and stress from daily (and often nightly, if a 24-hour service is
offered) incident handling tasks become a burden and intrude into their private lives. Staff can
become bored with routine incidents, grow physically tired, lose attention to detail, and make
costly mistakes. Large salaries are now becoming available in the incident response world,
mostly by way of fee-for-service CSIRTs. But not all teams, especially in the research and
education community, will have the budget to pay a competitive salary. On the other hand,
these teams do not necessarily provide 24-hour coverage. The pull of large salaries will
inevitably be enough to immediately draw certain people, but for others, incentives such as
job satisfaction and personal growth possibilities will encourage them to stay. The following
approaches should be considered to address both of these issues:

• rotation of duties related to routine work and incident handling

• no more than 80 percent of any individual’s effort dedicated to incident handling service



• attendance at technical conferences/workshops/tutorials (such as the FIRST or other security venues that are applicable (e.g., training courses))

• participation at technical working groups (like the IETF)

• development of in-house training courses

• attendance at in-house training courses

Teams that have the greatest success in retaining quality staff have strong team environments
where staff mix socially as well as in the work environment. They are also organizations in
which the contributions of all team members (technical and non-technical, new and
experienced) are considered and valued.

