ENHANCING CYBERSECURITY INCIDENT RESPONSE: A STRUCTURED APPROACH TO CSIRT ROLE ALLOCATION

Hosamaldeen Hamd(1)


(1) Information Technology Department, Gulf College, Hafr Albatin
Corresponding Author

Abstract


The process of responding to cyber incidents requires professional skills and standardized methods. Incident responders often face challenges in determining who is responsible for addressing cybersecurity incidents. Consistency among incident response team members is crucial for two reasons: first, to eradicate and fix the incident effectively; second, to save time and effort. This paper proposes a model for distributing roles within an Incident Response (IR) team. Each member is assigned both basic and shared responsibilities to ensure comprehensive coverage. Three main roles are identified (Risk Analysis, Alerts and Warnings, and Security Consultant), which are designed as universal roles adaptable to teams of any size.

Keywords


Incident, IR (Incident Response), CSIRT


DOI: 10.56327/ijiscs.v9i2.1826
