Ulrika Isaksson; Karin Kvarnström; Malin Nilsson MCS-2003:06, pp. 42. Inst. för programvaruteknik och datavetenskap/Dept. of Software Engineering and Computer Science, 2003.
IT security is a global problem, and Computer Emergency Response Teams (CERTs) are being created around the world in order to solve it. The common understanding is that IT security is important, but there is no clear guideline for how to deal with it.
The Swedish IT-incident centre (SITIC) started in 2003. It is a Swedish solution to an international problem. There are challenges to be met when handling an IT-incident centre: organisational form, activity and result.
We believe that a general solution for IT-incident management that suits all parties in society is a hard task for SITIC as things stand today. What we can deduce from our investigation is that there is no great need for SITIC among the global companies. We believe one reason for this is that they are going to create some sort of CERT function within their own companies in the future. This, in turn, stems from the companies not having any trust in SITIC: they do not see the benefit of an activity such as SITIC because they only see the reporting, and they do not believe they are going to get anything in return.
Conclusion: Incident management is not only about reporting incidents; it is a continuous life cycle with the phases detect, report, measure and follow-up.