Skip to main content


Back to Resources

DCAF's CSIRT Capacity Building Methodology: Lessons learned from the Western Balkans

16 April, 2021



Computer emergency response teams (CSIRTs) are fundamentally important parts of any national cybersecurity governance framework. This report aims to support the international efforts for effective CSIRT capacity-building.

The first part of the report captures some of the main features of CSIRT capacity building and provides an overview of some of the most well-known CSIRT capacity building methodologies and approaches. The second part offers insight into DCAF’s experience from engagement with CSIRT capacity building in the Western Balkans, extrapolating key lessons learned from its own approach and offering it as DCAF’s CSIRT capacity methodology.

This paper and proposed methodology aim at supplementing the existing approaches and methodologies, and by presenting some of the cases it draws from, offers additional material to the international body of knowledge in cybersecurity capacity building.

More specifically, this paper aims to:

  • Provide an overview of existing national and governmental CSIRT capacity development methodologies
  • Define key advantages and disadvantages of methodologies identified above in the context of Western Balkans’ national and governmental CSIRTs 
  • Provide a description of the methodology DCAF has applied in CSIRT capacity development assessments in the region between 2016 and 2020
  • Define key strengths and weaknesses of DCAF’s approach
  • Provide recommendations for future improvements of methodology and CSIRT capacity building in the region