Method for efficiency assessment of cyberincidents processing by CSIRT
key performance indicators, cyberincidents, CSIRT, correlation matrix, indicators panelAbstract
Cyberincidents processing and managing are important problems, solving of which involved specialized centers such as CSIRT. However, nowadays there are no mechanisms for assessment their work. In this regard in this paper are analyzed modern methods for estimation personnel work, conducted their multicriterial analysis. Based on analysis developed a method of efficiency estimation of processing cyberincidents by CSIRT centers, that by definition CSIRT performance indices, selection among them key performance indicators using multivariate correlation-regression analysis, indicators panel construction, dependence visualization of key performance indicators and efficiency, makes it possible to conduct audit for CSIRT activities and for other service centers of information and telecommunication systems. This method and formed on its basis tools will be useful for heads of responding on cyberincidents centers for monitoring, analysis, evaluation and management of CSIRT performance. Developed method can be applied at any company or government agency in order to increase information security level and effectiveness of the employee, department and organization.References
