{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T07:46:28Z","timestamp":1767339988329,"version":"build-2065373602"},"reference-count":49,"publisher":"MDPI AG","issue":"8","license":[{"start":{"date-parts":[[2021,8,19]],"date-time":"2021-08-19T00:00:00Z","timestamp":1629331200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Computers"],"abstract":"<jats:p>Currently, society is going through a health event with devastating results. In their desire to control the 2019 coronavirus disease, large organizations have turned over the execution of their activities to the use of information technology. These tools, adapted to the use of the Internet, have been presented as an effective solution to the measures implemented by the majority of nations where quarantines are generalized. However, the solution given by information technologies has several disadvantages that must be solved. The most important in this regard is with the serious security incidents that exist, where many organizations have been compromised and their data has been exposed. As a solution, this work proposes the design of a guide that allows for the implementation of a computer incident response team on a university campus. Universities are optimal environments for the generation of new technologies; they also serve as the ideal test bed for the generation of security policies and new treatments for incidents in an organization. In addition, with the implementation of the computer incident response team in a university, it is proposed to be part of a response group to any security incident at the national level.<\/jats:p>","DOI":"10.3390\/computers10080102","type":"journal-article","created":{"date-parts":[[2021,8,19]],"date-time":"2021-08-19T09:58:06Z","timestamp":1629367086000},"page":"102","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":17,"title":["Proposal for an Implementation Guide for a Computer Security Incident Response Team on a University Campus"],"prefix":"10.3390","volume":"10","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5421-7710","authenticated-orcid":false,"given":"William","family":"Villegas-Ch.","sequence":"first","affiliation":[{"name":"Escuela de Ingenier\u00eda en Tecnolog\u00edas de la Informaci\u00f3n, FICA, Universidad de Las Am\u00e9ricas, Quito 170125, Ecuador"}]},{"given":"Ivan","family":"Ortiz-Garces","sequence":"additional","affiliation":[{"name":"Escuela de Ingenier\u00eda en Tecnolog\u00edas de la Informaci\u00f3n, FICA, Universidad de Las Am\u00e9ricas, Quito 170125, Ecuador"}]},{"given":"Santiago","family":"S\u00e1nchez-Viteri","sequence":"additional","affiliation":[{"name":"Departamento de Sistemas, Universidad Internacional del Ecuador, Quito 170411, Ecuador"}]}],"member":"1968","published-online":{"date-parts":[[2021,8,19]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"154","DOI":"10.1016\/j.cose.2016.04.003","article-title":"A problem shared is a problem halved: A survey on the dimensions of collective cyber defense through security information sharing","volume":"60","author":"Skopik","year":"2016","journal-title":"Comput. Secur."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"269","DOI":"10.1007\/s10922-018-9458-z","article-title":"Specialized CSIRT for Incident Response Management in Smart Grids","volume":"27","author":"Martins","year":"2018","journal-title":"J. Netw. Syst. Manag."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"60","DOI":"10.1111\/1758-5899.12625","article-title":"CSIRTs and Global Cybersecurity: How Technical Experts Support Science Diplomacy","volume":"9","author":"Tanczer","year":"2018","journal-title":"Glob. Policy"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Esp\u00edn, F.V. (2021). Guidelines and Their Challenges in Implementing CSIRT in Ecuador. Advances in Intelligent Systems and Computing, Springer Science and Business Media, LLC.","DOI":"10.1007\/978-3-030-63665-4_19"},{"key":"ref_5","first-page":"1","article-title":"Computer Security Incident Response Team Effectiveness: A Needs Assessment","volume":"8","author":"Kleinhuis","year":"2017","journal-title":"Front. Psychol."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Zamzuri, Z.F., Manaf, M., Ahmad, A., and Yunus, Y. (2011, January 27\u201329). Computer Security Threats towards the E-Learning System Assets. Proceedings of the Communications in Computer and Information Science, Pahang, Malaysia.","DOI":"10.1007\/978-3-642-22191-0_30"},{"key":"ref_7","unstructured":"Graham, J.H., and Yu, Y. (2005, January 10\u201312). Computer System Security Threat Evaluation Based Upon Artificial Immunity Model and Fuzzy Logic. Proceedings of the 2005 IEEE International Conference on Systems, Man and Cybernetics, Waikoloa, HI, USA."},{"key":"ref_8","unstructured":"ESET (2020). Security Security Report. Security, 7, 1\u201315."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Mulwad, V., Li, W., Joshi, A., Finin, T., and Viswanathan, K. (2011, January 22). Extracting Information about Security Vulnerabilities from Web Text. Proceedings of the 2011 IEEE\/WIC\/ACM International Conferences on Web Intelligence and Intelligent Agent Technology, Lyon, France.","DOI":"10.1109\/WI-IAT.2011.26"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"427","DOI":"10.1080\/14703297.2012.728879","article-title":"Exploring the potential of role play in higher education: Development of a typology and teacher guidelines","volume":"49","author":"Rao","year":"2012","journal-title":"Innov. Educ. Teach. Int."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"5231","DOI":"10.1080\/00207540600847137","article-title":"An empirical investigation of supply chain strategy typologies and relationships to performance","volume":"46","author":"Narasimhan","year":"2008","journal-title":"Int. J. Prod. Res."},{"key":"ref_12","first-page":"632","article-title":"Computer Security Incident Response Teams (CSIRTs)","volume":"3","author":"Panko","year":"2012","journal-title":"Handb. Comput. Netw."},{"key":"ref_13","first-page":"3","article-title":"Proposed Integrated Framework for Coordinating Computer Security Incident Response Team","volume":"1","author":"Bhaskar","year":"2005","journal-title":"J. Inf. Priv. Secur."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Fuertes, W., Reyes, F., Valladares, P., Tapia, F., Toulkeridis, T., and P\u00e9rez, E. (2017). An Integral Model to Provide Reactive and Proactive Services in an Academic CSIRT Based on Business Intelligence. Systems, 5.","DOI":"10.3390\/systems5040052"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"251","DOI":"10.1007\/978-3-030-01177-2_18","article-title":"Role of Digital Fluency and Spatial Ability in Student Experience of Online Learning Environments","volume":"1","author":"Tchoubar","year":"2019","journal-title":"Adv. Intell. Syst. Comput."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"873","DOI":"10.1016\/j.future.2019.02.034","article-title":"Calculating the trust of providers through the construction weighted Sec-SLA","volume":"97","author":"Silva","year":"2019","journal-title":"Futur. Gener. Comput. Syst."},{"key":"ref_17","first-page":"2178","article-title":"Information security models and metrics","volume":"Volume 2","author":"Wang","year":"2005","journal-title":"Proceedings of the 43rd Annual Southeast Regional Conference on-ACM-SE 43"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"124","DOI":"10.1016\/j.cose.2004.07.001","article-title":"Analysis of end user security behaviors","volume":"24","author":"Stanton","year":"2005","journal-title":"Comput. Secur."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Henning, R.R. (1999, January 1). Security service level agreements: Quantifiable security for the enterprise?. Proceedings of the New Security Paradigm Workshop, New York, NY, USA.","DOI":"10.1145\/335169.335194"},{"key":"ref_20","first-page":"176","article-title":"Issues in IT Service-Oriented Requirements Engineering","volume":"13","author":"Lichtenstein","year":"2005","journal-title":"Australas. J. Inf. Syst."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"448","DOI":"10.1016\/j.cose.2005.03.008","article-title":"Information security policy\u2019s impact on reporting security incidents","volume":"24","author":"Wiant","year":"2005","journal-title":"Comput. Secur."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"105","DOI":"10.1002\/jip.31","article-title":"A classification of computer security incidents based on reported attack data","volume":"2","author":"Kjaerland","year":"2005","journal-title":"J. Investig. Psychol. Offender Profiling"},{"key":"ref_23","unstructured":"Wiik, J., and Gonzalez, J.J. (2009, January 26\u201330). Chronic Workload Problems in CSIRTs. Proceedings of the 27th International Conference of the System Dynamics Society, Albuquerque, NM, USA."},{"key":"ref_24","unstructured":"Skierka, I., Morgus, R., Hohmann, M., and Maurer, T. (2015). CSIRT Basics for Policy-Makers. Researchgate , 1\u201328. Available online: https:\/\/www.researchgate.net\/publication\/323358187_CSIRT_Basics_for_Policy-Makers."},{"key":"ref_25","first-page":"1","article-title":"Common challenges faced during the establishment of a CSIRT","volume":"1","author":"Grobler","year":"2010","journal-title":"2010 Inf. Secur. South Afr."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"De Cusatis, C., Bavaro, J., Cannistraci, T., Griffin, B., Jenkins, J., and Ronan, M. (2021, January 27\u201330). Red-blue team exercises for cybersecurity training during a pandemic. Proceedings of the 2021 IEEE 11th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA.","DOI":"10.1109\/CCWC51732.2021.9376016"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Bresch, C., Michelet, A., Amato, L., Meyer, T., and Hely, D. (2017, January 3\u20135). A red team blue team approach towards a secure processor design with hardware shadow stack. Proceedings of the 2017 IEEE 2nd International Verification and Security Workshop (IVSW), Thessaloniki, Greece.","DOI":"10.1109\/IVSW.2017.8031545"},{"key":"ref_28","first-page":"101","article-title":"Innovation in defense for crisis management: Red teams and blue teams","volume":"1","author":"Meszaros","year":"2020","journal-title":"Rev. Def. Natl."},{"key":"ref_29","first-page":"156","article-title":"Proposition of Model for CSIRT: Case Study of Telecommunication Company in a Province of Iran","volume":"9","author":"Naseri","year":"2012","journal-title":"Int. J. Comput. Sci. Issues"},{"key":"ref_30","unstructured":"Wiik, J., and Gonzalez, J.J. (2009, January 26\u201330). Persistent Instabilities in the High-Priority Incident Workload of CSIRTs. Proceedings of the 27th International Conference of the System Dynamics Society, Albuquerque, NM, USA."},{"key":"ref_31","unstructured":"Bieker, F., Friedewald, M., Hansen, M., Obersteller, H., and Rost, M. Privacy Technologies and Policy. Proceedings of the Proceedings of the 4th Annual Privacy Forum, (APF 2016)."},{"key":"ref_32","unstructured":"Wiik, J., and Gonzalez, J.J. (2005, January 1). Limits to Effectiveness in Computer Security Incident Response Teams. Proceedings of the 23rd International Conference of the System Dynamics Society, Boston, MA, USA."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Khan, R., Khan, S.U., Zaheer, R., and Khan, S. (2012, January 17\u201319). Future internet: The internet of things architecture, possible applications and key challenges. Proceedings of the 10th International Conference on Frontiers of Information Technology, Islamabad, Pakistan.","DOI":"10.1109\/FIT.2012.53"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Mahmoodi, Y., Reiter, S., Viehl, A., Bringmann, O., and Rosenstiel, W. (2018, January 29\u201331). Attack Surface Modeling and Assessment for Penetration Testing of IoT System Designs. Proceedings of the 2018 21st Euromicro Conference on Digital System Design (DSD), Prague, Czech Republic.","DOI":"10.1109\/DSD.2018.00043"},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1109\/MSP.2014.89","article-title":"Computer Security Incident Response Team Development and Evolution","volume":"12","author":"Ruefle","year":"2014","journal-title":"IEEE Secur. Priv. Mag."},{"key":"ref_36","first-page":"211","article-title":"Improving the Effectiveness of CSIRTs","volume":"158","author":"Search","year":"2015","journal-title":"Glob. Cyber Secur. Capacit. Cent."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Elhissi, Y., and Haqiq, A. (April, January 30). Information system at the Moroccan University: A business intelligence tool for management and communication of scientific research. Proceedings of the 2016 International Conference on Information Technology for Organizations Development (IT4OD), Fez, Morocco.","DOI":"10.1109\/IT4OD.2016.7479286"},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"61","DOI":"10.1109\/MSP.2014.85","article-title":"An Organizational Psychology Perspective to Examining Computer Security Incident Response Teams","volume":"12","author":"Chen","year":"2014","journal-title":"IEEE Secur. Priv. Mag."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Oh, S.-R., and Kim, Y.-G. (2017, January 13\u201315). Security Requirements Analysis for the IoT. Proceedings of the 2017 International Conference on Platform Technology and Service (PlatCon), Busan, Korea.","DOI":"10.1109\/PlatCon.2017.7883727"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Kowtha, S., Nolan, L.A., and Daley, R.A. (2012, January 13\u201315). Cyber security operations center characterization model and analysis. Proceedings of the 2012 IEEE Conference on Technologies for Homeland Security (HST), Waltham, MA, USA.","DOI":"10.1109\/THS.2012.6459894"},{"key":"ref_41","unstructured":"Janos, F.D., and Dai, N.H.P. (2018, January 17\u201319). Security Concerns towards Security Operations Centers. Proceedings of the 2018 IEEE 12th International Symposium on Applied Computational Intelligence and Informatics (SACI), Timisoara, Romania."},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"101656","DOI":"10.1016\/j.cose.2019.101656","article-title":"LiSRA: Lightweight Security Risk Assessment for decision support in information security","volume":"90","author":"Schmitz","year":"2020","journal-title":"Comput. Secur."},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Valladares, P., Fuertes, W., Tapia, F., Toulkeridis, T., and Perez, E. (2017, January 9\u201312). Dimensional data model for early alerts of malicious activities in a CSIRT. Proceedings of the 2017 International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS), Seattle, WA, USA.","DOI":"10.23919\/SPECTS.2017.8046771"},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Marinos, L. (2006, January 20\u201322). Risk management and risk assessment at ENISA: Issues and challenges. Proceedings of the First International Conference on Availability, Reliability and Security (ARES\u201906), Vienna, Austria.","DOI":"10.1109\/ARES.2006.112"},{"key":"ref_45","first-page":"92","article-title":"ISO\/IEC 27000, 27001 and 27002 for Information Security Management","volume":"04","author":"Disterer","year":"2013","journal-title":"J. Inf. Secur."},{"key":"ref_46","first-page":"10","article-title":"File Security based on Pretty Good Privacy (PGP) Concept","volume":"4","author":"Kamarudin","year":"2011","journal-title":"Comput. Inf. Sci."},{"key":"ref_47","unstructured":"Uyana, M., and Escobar, M. (2021, August 15). Respuestas Ante Incidentes De Seguridad Inform\u00e1ticos (Csirt). Available online: http:\/\/repositorio.espe.edu.ec\/bitstream\/21000\/8123\/1\/AC-GSR-ESPE-047639.pdf."},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Rocha, A., Mohammed, S., and Felgueiras, C. (2016). Europe and MENA Cooperation Advances in Information and Communication Technologie, Springer.","DOI":"10.1007\/978-3-319-46568-5"},{"key":"ref_49","unstructured":"Wiik, J., Gonzalez, J.J., and Kossakowski, K.-P. (2021, August 15). Effectiveness of Proactive CSIRT Services. Available online: https:\/\/www.researchgate.net\/publication\/221002694_Effectiveness_of_Proactive_CSIRT_Services."}],"container-title":["Computers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-431X\/10\/8\/102\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T06:47:16Z","timestamp":1760165236000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-431X\/10\/8\/102"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,8,19]]},"references-count":49,"journal-issue":{"issue":"8","published-online":{"date-parts":[[2021,8]]}},"alternative-id":["computers10080102"],"URL":"https:\/\/doi.org\/10.3390\/computers10080102","relation":{},"ISSN":["2073-431X"],"issn-type":[{"type":"electronic","value":"2073-431X"}],"subject":[],"published":{"date-parts":[[2021,8,19]]}}}