GFCE Cybersecurity Knowledge Modules

KM3 - Cyber diplomacy and international cooperation
Module objectives
1. Risks for international peace and cyber-stability
3 Topics
1.1 Cyber-attacks and geopolitics
1.2 Cyber as part of hybrid warfare
1.3 Cyber-armament
2. Towards an international agreement
4 Topics
2.1. Framework for responsible state behaviour in cyberspace
2.2. Applicability of international law
2.3. Norms, confidence building measures, and capacity building
2.4 Broader context
3. International cooperation
4 Topics
3.1. The United Nations
3.2. Other multilateral forums
3.3. Regional efforts
3.4. Multistakeholder efforts
4. Cyber diplomacy
5. Main takeaways
6. Assignment
1 Quiz
KM3 Quiz
KM4 - Cyber Incident Management
Module objectives
1. Introduction
2. Types of Cyber Incident Response Teams
5 Topics
2.1. National Computer Security Incident Response Team
2.2. Product Security Incident Response Team
2.3. Sector CSIRTs
2.4. Security Operation Centre
2.5. Commercial CSIRT
3. What needs to be considered when establishing a National CSIRT?
2 Topics
3.1. CIRT framework
3.2. How to set up CSIRT and SOC
4. How to assess cyber incident readiness
3 Topics
4.1. Security Incident Management Maturity Model (SIM3)
4.2. Security Operation Centre Capability and Maturity Model (SOC-CMM)
4.3. CSIRT Maturity – Self-assessment Tool
5. Which services do the CSIRTs offer?
2 Topics
5.1. FIRST CSIRT services framework
5.2. ITU-T Recommendation X.1060 service categories
6. Who does the CSIRT serve?
7. Which Tools does a CSIRT need?
8. Policies, frameworks, and guidelines
9. Resourcing and funding a CSIRT
1 Topic
9.1. What does a CSIRT Budget look like?
10. CSIRT capabilities
3 Topics
10.1. Training and certification
10.2. Auditing
10.3. Cyber drills
13. Main takeaways
14. Assignment
1 Quiz
KM4 Quiz
2 of 5
Previous Lesson
Next Lesson

9.1. What does a CSIRT Budget look like?

GFCE Cybersecurity Knowledge Modules 9. Resourcing and funding a CSIRT 9.1. What does a CSIRT Budget look like?

An initial budget of the CSIRT is drawn up in the initial phase of the CSIRT establishment.  The ENISA guide on How to set up CSIRT and SOC recommends that the budget for the initial year should cover at least:

  • Initial staff salaries,
  • Facility establishment costs,
  • Salaries or consultancy service fees for creating the design stage results,
  • CSIRT skills acquisition recruitment and training, and
  • Preliminary technology and licences.

Indicative costs for setting up a CSIRT for 2020

Budget ItemAverage cost per year
CSIRT staff members (including managers) EUR 40 000–60 000 
Minimum three staff members depending on the constituency size and mandate, CSIRTs typically employ the following numbers of staff: small – 3–7, medium – 10–15, large – 30–60.EUR 120 000–180 000
12 additional employees (six teams of two staff members to cover 24/7, with each shift covering 8 hours) if required to provide operations 24/7 for 365 days a yearEUR 480 000 
Office rental per staff member per yearEUR 3 000–4 000 
Staff training and conference attendance per person per yearEUR 3 000–10 000
Depending on the scope, consultancy services for the establishment of a CSIRT (design and implementation) EUR 75 000 -1 000 000 (over a 1- 3-years)
Hardware, networking and specialised equipment for performing specific CSIRT operations (use of cloud services reduce initial investments in hardware)EUR 100 000–300 000 
Software and software services (open-source solutions may reduce costs)EUR 50 000
Note: Cost estimates are done for illustrative purposes only and do not depict any particular country.
Source: How to set up CSIRT and SOC, ENISA

Reflection point

The ENISA guide: How to set up CSIRT and SOC states that “The discrepancy between the detailed mandate and the budget is a common reason why CSIRTs do not fulfil their mandate.”

– Where does the national CSIRT derive its mandate?

– What are the sources of funding for the national CSIRT in your country?

– Which funding model is used in your country?

– What are the initial and operating budget considerations?

Leave your comment below.

Previous Lesson
Back to Lesson
Next Lesson

New post

Your email address will not be published. Required fields are marked *

Post a comment
Skip to content