The need for the South African (SA) National Research and Education Network (NREN) to establish a Computer Security Incident Response Team (CSIRT) was identified. CSIRTs offer a subset of all possible security services, based on the environment and needs of their customers. Selecting this subset has its challenges: the view of the customer may differ from that of the provider, and it is difficult to know which services will have the most impact (or be most beneficial). To address this problem, this paper proposes an informed selection and prioritization of initial services for the SA NREN CSIRT, an academic sector CSIRT in South Africa. To do this, the first two stages of the IT Infrastructure Library (ITIL) service portfolio management process are used: defining the services based on authoritative CSIRT literature, and analyzing them for value proposition and prioritization. A survey was used to obtain the viewpoint of the prospective customer base. The services are then selected based on the identification of the SA NREN CSIRT as a coordinating CSIRT as well as on the survey results. The primary contribution is a list of services for the CSIRT, in the context of the SA NREN environment, that can be used to develop a services portfolio. This study is useful to anyone wishing to select services for a new CSIRT or to revise a CSIRT services portfolio.
Mooi, Roderick and Botha, Reinhardt, "Prioritizing computer security incident response services for the South African National Research Network (SANReN)" (2016). CONF-IRM 2016 Proceedings. 27.