Today at MIRCon I mentioned that one of my colleagues, Jeff Yeutter, had updated the somewhat famous CERT/CC study of CIRT characteristics as part of his degree program. Jeff posted the survey online as Computer Incident Response Team Organizational Survey, 2011 with this description: In 2003, the CERT CSIRT Development Team (www.CERT.org) released a study on the state of international computer security incident response teams with the goal of providing "better insight into various CSIRT organizational structures and best practices" for new and existing members of the CSIRT community (Killcrece, Kossakowski, Ruefle, & Zajicek, 2003). The attached survey, a modified form of the original, will be used to update the 2003 study with a greater focus on the methods of organization used by American and international CIRTs, the tools that they employ, and how these vary across organizations of different sizes and industries. This research is being conducted, and is independentl...