You are here

Home » Content

Introduction and Evaluation of Computer Security Incident Response Team (CSIRT) in Organizations

Journal Name:

  • Cumhuriyet Üniversitesi Fen Fakültesi Fen Bilimleri Dergisi

Publication Year:

  • 2015

Key Words:

Author Name
Abstract (2. Language): 
With the rapid development of information technology and the continuous changes in the services, information technology has played a key role in organizations. During the past years, a great number of IT infrastructure and particular applications have been employed by the organization. Many organizations have purchased a large number of high-end enterprise applications such as ERP, CRM, etc. to improve their business capacity. At the same time, these organizations a huge amount of time and resources are spent for maintenance applications. At the same time, these organizations are spent a huge amount of time and resources for application’s maintenance. since any incident that may result in service interruptions, causes very high costs for organizations, The issue of how organizations can deploy an effective way to manage events, So that costs can be reduced, the occurrence of events can be avoided and the continuity of their business can be guaranteed, is considered. For this purpose, approaches and events management models offered by some mature frameworks such as ITIL, COBIT and standards like ISO / IEC 20000, are accepted widely in many organizations. These frameworks combine extensive management practices in order to support organizations for achieving the desired quality and creating value from IT operations. For example ITIL provides A set of best process-oriented practices for IT service management. IT service management practices, directly or indirectly causes establishing communication between employees, innovation, finances and domestic business interests.
Bookmark/Search this post with
FULL TEXT (PDF): 
PDF icon 5000142867-5000238941-1-pb.pdf
  • 6
246
253
  • Turkish

REFERENCES

References: 

[1] Askarzadeh, H., Rashti, S.M.R, computer security incidents response team (CSIRT / CERT), first
edition, Tehran, rouyesh javanehhay farda , 1389.
[2] Mashhadi Abd Al Rahman, F., "provide a framework for an effective constitute aid groups and
Computer Emergency Response (CSIRT) in enhancing the security of computer networks", Master
Thesis PNU, 1390.
[3] SH. Von Solms, and R. Von Solms, “Information Security Governance: Due Care,” Computers &
Security, Vol. 25, (7), pp. (494-497), 2006.
[4] PW. Anderson, “Information Security Governance,” Information Security Technical Report, Vol. 6, (3),
pp. (60-70), 2001.
[5] Grossman, “FEMA Takes a New Enterprise Architecture Approach to Support DHS,” Department of
Homeland Security, 2009.
[6] A. Buecker, P. Ashley, M.Borret, M. Lu, S. Muppidi, N.Readshaw, “Understanding SOA Security,”
Red Book, IBM, 2007
[7] ISO/IEC 27001:2005, 1st Ed.: Information technology - Security techniques – Information security
management systems – Requirements.
[8] F. S. Malik, “Information Security Maturity Model,” International Journal of Computer Science and
Security (IJCSS), Vol. 5, (3), 2011.
[9] ISM3 Consortium, “ISM3 - Information Security Management Maturity Model,” 2007.
[10] European Network and Information Security Agency, “Good Practice Guide for Incident Management,”
2010.
[11] Moura, J.Sauve, C.Bartolini, “Business-Driven IT Management-Upping the Ante of IT: Exploring the
Linkage between IT and Businessto Improve Both IT and Business Results,”IEEE Communications
Magazine, Vol. 46 (10), 2008.
[12] Office of Government Commerce, ITIL Core Books, UK, 2007.
[13] IT Governance Institute, Control Objectives for Information andrelated Technology (CobiT), 4.1th
Edition, USA, 2007.
[14] International Organization for Standardization, “ISO/IEC 20000-1”&“ISO/IEC 20000-2”, 2005.
ESTEDLAL
253
[15] W. Gue, Y. Wang, “An Incident Management Model for SaaS Application in the IT Organization,”
IEEE Computer Society, 2009.
[16] Cater-Steel, "Information Technology Governance and Service Mangement: frameworks and
adaptions," IGI Global, 2009.
[17] V. Lloyd, C. Rudd, and C. Littlewood, "Planning to Implement Service Management," Earley: itSMF
Ltd, 2003.
[18] Nabiollahi, B. Sahibuddin,, "Considering Service Strategy inITILV3 as a Framework for IT
Governance, 2008.
[19] Hochstein, R. Zarnekow, W. Brenner, "ITIL as Common Practice Reference Model for IT Service
Management: Formal Assessment andImplications for Practice", IEEEXplore, 2005.
[20] M. Brenner, M. Garschhammer, and H. Hegering,"Managing Development and Application of Digital
Technologies", Berlin: Springer, 2006.
[21] Cartlidge , A. Hanna, C. Rudd, I. Macfarlane, J. Windebank, and S. Rance,,"An Introductory Overview
of ITIL V3”,The UK chapter of the itSMF, 2007.
[22] www.b-pi.com
[23] www.brighthubpm.com
[24] Carnegie Mellon, Software Engineering Institute, “Handbook for Computer Security Incident Response
Teams (CSIRTs)”, 2ndEdition, 2003.
[25] European Network and Information Security Agency, “a step-by-step Approach on How to Setup a
CSIRT,” 2006.
[26] Carnegie Mellon, Software Engineering Institute, “Defining Incident Management Processes for
CSIRTs: A Work in Progress”, 2004.
[27] National Institute of Standards and Technology, "Computer Security Incident Handling Guide," 2nd
Edition, 2012.

Thank you for copying data from http://www.arastirmax.com