2019 Volume 37 Issue 1 Pages 13-23
Cybersecurity incidents can have severe consequences for individuals, businesses, national security and even democracy. Since 1988, CSIRTs have served as initial responders to those threats. However, CSIRTs' roles and responsibilities are not well understood by actors of cybersecurity governance. Part of this is attributed to the cyber regime complex. To understand the CSIRT community, previous researchers proposed various definitions of CSIRTs, but some of them are no longer valid because of the changing nature of cybersecurity. In this paper, we conceptualize CSIRTs by using three different lenses: aim, function and culture. We conclude that CSIRTs are organizations aiming to provide relief and recovery to the victims, having incident response as a function, and pursuing reciprocity as an organizational culture. We also argue that reciprocity is a key concept, as it distinguishes CSIRTs from other cybersecurity governance regimes.