Characteristics of Cyber Incident Response Teams in the World and Recommendations for Turkey

Year 2015, Volume: 3 , 175 - 178, 30.12.2015

Yunus Emre Karabulut Gülistan Boylu Ecir Uğur Küçüksille Mehmet Ali Yalçınkaya

Abstract

Today, in countries across the world, operations such as the digitalization of critical infrastructure and public services, through the use of computer networks, has revealed the security problems of cyber space. Used for the transferring and storing of highly critical data, any weaknesses and vulnerabilities located on these computer systems have the potential to cause tangible and intangible costs and losses on the country concerned. With the concept of cyber security growing in importance globally, countries have developed strategies, launched awareness-raising activities, and organized campaigns to have maximum information security level. In what is an ongoing process, it has been revealed that countries are finding it necessary to create computer security incident response teams, in order to protect their national cyber security. Cyber incident response teams are for the early identification of threats to national security that may occur in cyberspace, and to reduce the effects of any attack that may be encountered. In this study, we examined in detail the policies being implemented for the creation of cyber incident response teams and the qualifications team members should have. In addition, the cyber incident response teams created in developed countries around the World, and the properties and activities of these teams, are investigated. The study is concluded by examining the development of cyber incident response teams in Turkey, and presenting recommendations for Turkey.

Keywords

CSIRT, Incident response teams, Information security, Strategy of national security

References

• [1] A. Sawicka, J. Gonzalez and Y. Qian, “Managing CSIRT Capacity as a Renewable Resource Management Challenge. An Experimental Study”. In: Proceedings of the 23rd System Dynamics Society Conference, Boston, MA, USA, July 2005, pp. 31. [2] P. Pavel, "Adapting the ticket request system to the needs of CSIRT teams." WSEAS Transaction on Computers 8.9, 2009, pp. 1440-1450. [3] SANS Institute InfoSec Reading Room, Computer Incident Response Team. 2001 (Accessed June 2015) http://www.sans.org/reading-room/whitepapers/incident/computer-incident-response-team-641 [4] J. Wiik, J. J. Gonzalez, P. I. Davidsen, and K. P. Kossakowski, Preserving a balanced CSIRT constituency. In Twenty Seventh International Conference of the System Dynamics Society July, at Albuquerque, NM, USA, 2009. [5] Cyber Emergency Response Team UK Organization, (Accessed July 2015) http://www.cert.org/resilience/research/index.cfm [6] Listing Of Worldwide CERT Organization, (Accessed August 2015) https://scadahacker.com/resources/cert.html [7] JPCERT Coordination Center Incident Response, (Accessed August 2015) http://www.jpcert.or.jp/. [8] US-CERT, United States Computer Emergency Readiness Team, (Accessed August 2015) https://www.us-cert.gov/ [9] Ulusal Siber Olaylara Müdahale Merkezi, (Accessed August 2015) https://www.usom.gov.tr/