This report discusses the findings and recommendations of the “Cyber Incident Management in Low-Income Countries” project, funded by Global Affairs Canada. The project aims to create a tailorable guide for low-income countries to develop or improve their CSIRT capabilities in an affordable way to respond to the evolving cyber threat environment effectively.
The report itself is divided into two parts or documents
PART 1: A Holistic View on CSIRT Development
Part 1 of the report comprises a thorough desk review of academic and grey literature (e.g., reports of security vendors, independent organizations, government entities, N- CSIRTs). It lists the N-CSIRT services and identifies organizational models, applied incident handling processes, workflows, required human skill sets, training resources, applicable toolsets, maturity assessment methods, and best practices in capacity development.
This study conducted a thorough review of NSIRTs to highlight their development, successes and shortcomings, and solutions for growth. The content of this literature review is presented in five sections, to aid in identifying the maturity models of CSIRTs, review best practices, highlight the legal frameworks, and report on NSIRTs development case studies. This literature review provided significant insight into the survey development for this project.
PART 2: A Guideline for Development
Part 2 of this report represents a two-stage project,
It discusses the findings and recommendations of the ‘Cyber Incident Management in Low-Income Countries’ project, funded by the Global Forum on Cyber Expertise (GFCE). The project aims to create a tailorable guide for low-income countries to develop or improve their CSIRT capabilities in an affordable way to respond to the evolving cyber threat environment effectively.
The research team conducted surveys with 16 N-CSIRTs in low-income or developing countries to better understand the technical and organizational aspects of N-CSIRT services and sufficiently grasp the needs of the corresponding countries. In these surveys and follow-up semi-structured interviews with three of these N-CSIRTs, we explored which services those CSIRTs deliver, what type of technical and organizational capabilities they have, their medium and long-term goals, and their best practices in capacity building. The findings of the survey analysis are presented in Section 1 of this report.