CSIRT Maturity assessment
This section gives recommendations for CSIRTs on how to improve, mature and be better prepared to protect their constituencies.
Published under
CSIRT Capabilities and Maturity
Maturity evaluation consists of two main assets:
- ENISA CSIRT maturity assessment model – The maturity assessment model is based on the Security Incident Management Maturity Model (SIM3), a community-driven effort to measure the maturity of CSIRTs. The ENISA CSIRT maturity assessment model takes into account the requirements of the NIS Directive. The model is described in the study “ENISA CSIRT maturity assessment model” and consists of a three-tier measurement of CSIRT capabilities across Organizational, Human, Tools and Processes parameters. All parameters are evaluated in order to determine the level of maturity (Basic, Intermediate or Advanced).
- ENISA maturity evaluation methodology for CSIRTs – The ENISA Maturity Evaluation Methodology for CSIRTs consists of two main parts:
  - self-assessment survey
  - peer review workshop
Access the ENISA CSIRT maturity self-assessment tool
Readers are advised to first become familiar with the baseline capabilities for CSIRTs documentation and the maturity evaluation studies before advancing to the assessment itself.
- CSIRT Capabilities. How to assess maturity? Guidelines for national and governmental CSIRTs – a study on maturity assessment within the Trusted Introducer certification scheme, with practical examples from CERT.LV, the Information Technology Security Incident Response Institution of the Republic of Latvia.
- ENISA CSIRT maturity assessment model – a description of the three-tier maturity assessment model.
- ENISA maturity evaluation methodology for CSIRTs – a study on the methodology of maturity assessment.