U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Archived Content

In an effort to keep DHS.gov current, the archive contains outdated information that may not reflect current policy or programs.

Cyber Security Incident Response Teams

A Cyber Security Incident Response Team (CSIRT) is a group of experts that assesses, documents and responds to a cyber incident so that a network can not only recover quickly, but also avoid future incidents. S&T funds the CSIRT project to help CSIRT organizations at all levels of government and the private sector improve significantly through the development and application of superior approaches to incident response and organizational learning.  Specifically, S&T will have a guide on how to best staff, train, support, and sustain CSIRTs, which will translate to a better overall cyber incident response capability.

Motivation

Research is needed in this space because CSIRT teams are often dynamically formed and temporary in nature, assembled in response to specific incidents. In cyber incident response, teams often respond to problems or incidents that have not been seen before. There is no overarching set of guiding principles and best practices that CSIRTs can look to in terms of organization, training and execution.

Approach

The core research focuses on current best practices from a business organizational psychology perspective to clearly explain how incident response individuals and teams can best work to improve complex cyber incident response to be faster, more efficient and more adaptive. The work is being done by an academic/industry research team and in collaboration with the United States Computer Emergency Readiness Team and the National Cybersecurity and Communications Integration Center and our international government partners from the Netherlands and Sweden.  This underscores the international applicability of the cybersecurity challenge and its value as a partnership and confidence-building mechanism. The interdisciplinary team working on the project includes a cybersecurity and software engineering researcher, organizational psychologists, economists and practitioners from a commercial partner with CSIRT expertise.

Contact

Program Manager: Scott Tousley

Email: SandT-Cyber-Liaison@hq.dhs.gov

Performers

Prime: Dartmouth College Subs: George Mason University, Hewlett Packard

Last Updated: 08/02/2024
Was this page helpful?
This page was not helpful because the content