CSIRT Maturity assessment

This section gives recommendations for CSIRTs on how to improve, mature and be better prepared to protect their constituencies.

Maturity evaluation consists of two main assets:

  • ENISA CSIRT maturity assessment model – The maturity assessment model is based on Security Incident management Maturity Model (SIM3) which is a community driven effort to measure maturity of CSIRT. ENISA CSIRT maturity assessment model is taking into account requirements of NIS Directive. The model is described in the study “ENISA CSIRT maturity assessment model” and consists of three tier measurement of CSIRT capabilities across Organizational Human, Tools and Processes parameters. All parameters are evaluated in order to determine level of maturity (Basic, Intermediate or Advanced). 
     
  • ENISA maturity evaluation methodology for CSIRTs - The ENISA Maturity Evaluation Methodology for CSIRTs consists of two main parts:
    • self-assessment survey
    • peer review workshop

Both parts have been identified as indispensable elements for successful and full-fledged evaluation process. Self assessment survey could be done using this online assessment tool. Peer review is a process during which CSIRTs can evaluate each other based on described methodology within parameters of maturity assessment model.

It is suggested that the reader gets familiar with the baseline capabilities for CSIRTs documentation and maturity evaluation studies at first before advancing to the assessment itself.

 ENISA CSIRT maturity self-assessment tool 'click here'.

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information