Information Sharing between the Computer Security Incident Response Team and its Members: An Empirical Study
Keywords:
CSIRT, Critical infrastructure, Communication practices, Municipality
Abstract
The number of cyber incidents is steadily increasing in all sectors. Not all sectors have access to cybersecurity personnel with domain-specific knowledge, which further motivates the need for a Computer Security Incident Response Team (CSIRT). However, for a CSIRT to function as intended, effective digital communication should be at the forefront. This paper explores the communication practices between the CSIRT and its members by using a case from the Norwegian municipality sector. Ten semi-structured interviews with eleven participants representing the CSIRT and the municipalities were conducted. The findings include the most used communication channels and the members' perceptions of information sharing. Key factors limiting information sharing are the size of the municipality and access to critical resources, geographical location, and the lack of personal networks. Future work should investigate the generalizability of the findings in other sectors and countries.