Today at MIRCon I mentioned that one of my colleagues, Jeff Yeutter, had updated the somewhat famous CERT/CC study of CIRT characteristics as part of his degree program. Jeff posted the survey online as Computer Incident Response Team Organizational Survey, 2011 with this description:
In 2003, the CERT CSIRT Development Team (www.CERT.org) released a study on the state of international computer security incident response teams with the goal of providing "better insight into various CSIRT organizational structures and best practices" for new and existing members of the CSIRT community (Killcrece, Kossakowski, Ruefle, & Zajicek, 2003). The attached survey, a modified form of the original, will be used to update the 2003 study with a greater focus on the methods of organization used by American and international CIRTs, the tools that they employ, and how these vary across organizations of different sizes and industries.
This research is being conducted, and is independently funded, by Jeff Yeutter, Technical Sales Executive at Mandiant, as the final project for his Master's in Information Systems with a concentration in Computer Security Management at Strayer University. This survey will also be distributed to members of the Forum of Incident Response and Security Teams (www.FIRST.org) with the assistance of Richard Bejtlich, Chief Security Officer and VP, MCIRT, at Mandiant.
No identifying information is required to complete this survey. Participants may include such information if they are interested in immediately being notified of the results of the study once it is complete, or if they would like to make themselves available for follow-up questions. Any and all identifying personal or professional identifying information offered by participants will be held in strict confidence. The results of this study, minus any identifying information, may be included in a future, cost-free whitepaper.
The original CERT study from 2003 can be found at: www.cert.org/archive/pdf/03tr001.pdf
The time to complete this survey is approximately 10-15 minutes.
If you're a CIRT member and want to contribute, please consider completing the survey at Computer Incident Response Team Organizational Survey, 2011. Thank you!