Effectiveness of proactive CSIRT services
Many authors have suggested that Computer Security Incident Response Teams (CSIRTs) need to deliver more proactive services to stay effective, but there are hardly any studies investigating to what extent existing proactive services are indeed effective or how to make them more effective. We view the proactive services as cross-organisational learning processes, where CSIRTs facilitate learning between information providers (i. e. vendors of commercial off-the-shelfsoftware) and users of these information (i. e. users of such products) in the CSIRT constituency. Cross-organisational learning processes carry the promise of avoiding incidents and the hope of saving considerable resources, but only if the constituents are enabled to learn from the experiences of the past and from others effectively.
Full Text: PDF