Feasibility study on developing cybersecurity risk indicators through a questionnaire distributed to national CSIRTs, with 25 responses analyzed. Preliminary results highlight three primary sets of questions: general aspects, capacity, and incident-related queries. The study delves into challenges encountered and methods to enhance data quality.
Improving the international comparability of statistics produced by CSIRTs
Developing Cybersecurity Risk Indicators panel
26th Annual FIRST Conference
Aaron Martin
Feasibility study design
• Questionnaire developed to determine:
  • Can CSIRTs respond to these questions?
  • Would the data collected help produce quality statistical indicators?
• Widely distributed to national CSIRTs
• 25 responses
• Analysis of results ongoing
Preliminary analysis
• Three sets of primary questions
  • General aspects of CSIRTs
  • Organisational capacity
  • Incidents
• Feedback questions
  • Explaining non-responses
  • Additional information
  • Basis for calculations
  • Difficulties encountered
  • How to improve the questions
General aspects
• Accounting for more than one national CSIRT per country/economy
• Classifying CSIRTs by constituency
• IP addresses as an indicator of network size
• Internet users as an indicator of network size
• Understanding CSIRT data sources
Capacity questions
• CSIRT annual budget
• Percentage of budget funded by government
• FTEs employed by the CSIRT
• FTEs employed for security incident handling
• Technical skills
• Incident reports handled without human intervention (i.e. automated)
• Requests for assistance dedicated action taken
• Targeted mitigation (proactive notice)
• Formal co-operation
• Informal co-operation
Incident-related questions
• Phishing websites hosted in the CSIRT’s constituency
• DoS attacks targeting the constituency
• Defaced websites hosted in the constituency
• Servers hosting malware
• Servers directing to malware
• Botnet C&C servers