The chapter discusses the purpose, function, skills, abilities, and operating procedures associated with a computer security incident response team (CSIRT). The team is made up of IT professionals whose duty is to prevent, manage, and coordinate the response to possible cybersecurity-related emergencies (Whitman, Mattord, & Green, 2013). Its members coordinate their operations with the goal of recovering control of information assets at risk, identifying the root cause of the incident, and preventing repeat occurrences. They are available to respond to computer security events whenever they occur in their respective organizations. The CSIRT offers three main groups of services: reactive, proactive, and security quality management services (Hathaway, 2014).
The first step towards building an effective team is to obtain support and buy-in from top management. Leaders who understand the benefits of the process are likely to provide enough resources for its success. The second step is to determine a suitable strategic plan for the CSIRT, mainly a plan of the things that should be addressed. The next step is to collect relevant information in order to create a solid vision that will guide members toward information system security. The vision and operational plan are then communicated to the relevant team members. This is followed by implementation of the plan and evaluation of its effectiveness in managing and coordinating security incidents.
Organizations should also have strong leaders to oversee the team's operations and deliver regular reports to the executive team. Members should have clear roles and responsibilities for each of the potential threats and incidents.
Question:
What factors should an organization consider when deciding whether to implement a centralized or distributed CSIRT?
References
Hathaway, M. (2014). Best practices in computer network defense. New York: IOS Press.
Whitman, M., Mattord, H., & Green, A. (2013). Principles of incident response and disaster recovery (2nd ed.). New York: Cengage Learning.