Once we've hired a good employee and invested in training and integrating that person into our operations, it's a terrible waste to lose their enthusiasm and even their services through burnout and turnover.

MSIA graduate Timothy Dzierzek wrote an excellent paper in the course I taught on Computer Security Incident Response Team Management last summer, and I’m delighted to present his work (slightly edited) in this and two additional columns based on his case study organization, which is represented pseudonymously as “Smith & Smith.”

By the way, even professors in the MSIA do not normally know their students’ case study names – we are deeply concerned with protecting confidentiality of their sources and explicitly ask them not to reveal details of the organizations they are studying.

* * *

Hiring adequate staff for a Computer Security Incident Response Team (CSIRT) represents a critical challenge for any organization. The CSIRT must have an adequate number of employees to respond to computer security incidents. Author Danny Smith, a member of the Australian Computer Emergency Response Team, states that “the size of a team would have an effect on the overall capability of the team.”

In addition, the CSIRT must employ technicians with necessary skills and experiences. Experts at the CERT Coordination Center state, “[Y]ou need people with a certain set of skills and technical expertise, with abilities that enable them to respond to incidents, perform analysis tasks, and communicate effectively with your constituency and other external contacts.” Meeting these two requirements ensures the CSIRT has adequate staff to perform this valuable function.

Once organizations hire employees for the CSIRT, they must manage their personnel to maintain adequate staffing levels. One area that organizations must focus on is staff turnover. A Help Desk Institute study published in 2000 suggested that 48% of help-desk managers interviewed the previous year considered staff turnover a serious problem.

A specific area that organizations must address is the effect that staff burnout has on the CSIRT’s capabilities. The authors of Handbook for Computer Security Incident Response Teams (CSIRTs) state, “Many CSIRT staff suffer from burnout…, where the constant pressures and stress from daily… incident handling tasks become a burden and intrude into the private life.” Each of these factors has detrimental effects on the CSIRT.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online.