In a constantly changing environment, a Computer Security Incident Response Team (CSIRT) has to evolve over time in order to sustain or improve its effectiveness. The main task of a CSIRT is to help victims mitigate the effects of computer security incidents. A frequently identified problem for a CSIRT is that they are overworked, understaffed and under funded. In this paper, we present a conceptual model of such conditions based on a case study. The model is a first attempt to understand the main factors influencing a CSIRT’s ability to handle computer security incidents effectively, and to identify ways to improve their overall effectiveness. Based on theory from process improvement and information from the case study, we have identified that short-term pressure from a growing incident workload prevents any attempts for developing more response capability long-term. Fundamental solutions to solve this problem will typically involve a worse-before-better trade-off for management.