Effective shift transitions are crucial for cybersecurity incident response teams, yet there is limited guidance on managing these handovers. This exploratory study aimed to develop guidelines for such transitions through the analysis of existing literature and consultation with practitioners. Two draft guidelines (A and B) were created based on existing literature and online resources. Six participants from the UK and international incident response teams, with experience in shift handovers, were interviewed about handover structure, challenges, training practices, and their views on the draft guidelines. The collected data indicate the importance of signposting, evolving handover procedures, individual differences in handover style and detail, and streamlining the handover procedure. Participants agreed the drafts included all relevant details but suggested adding a post-incident review section and a service section for outages or technical difficulties. This study establishes a foundation for enhancing transition practices in cybersecurity incident response teams.