Many businesses have outsourced CSIRT services to mitigate their risks. However, it can be difficult for a company to measure how successful the service is because there is no feedback mechanism in place. This blog post discusses a new feedback mechanism that could help companies quantify and evaluate the effectiveness of a CSIRT.
The authors propose an example of a feedback mechanism for measuring CSIRT effectiveness, which can also be used as an impact-to-effort ratio metric in incident response. There are pros and cons to this type of feedback mechanism.
However, it has been observed that many organizations rely on their own internal data collection efforts when measuring the success or failure of a CSIRT service provider. This will not work because there is no way to compare different types or levels of service providers.
Without some sort of external analysis system, such as a feedback mechanism, the only thing companies have at their disposal is anecdotal evidence from peers about how effective they think their current CSIRT might be or was during past incidents.