Hi, need to submit a 1000 words essay on the topic Computer Incident Response Teams.
Not only would these companies suffer from information damage, but their clientele and reputation would also nosedive in the industry.
Computer Incident Response Teams (short-form ‘CIRT’) are special teams formed for the purpose of minimizing and controlling the impact of a security breach or other computer-related emergency in the company (Brussin, Cobb, & Miora, 2003). A CIRT is also known as a CERT (Computer Emergency Response Team) or a CSIRT (Computer Security Incident Response Team) in some companies; however, they all attempt to provide security to the computer systems.
Whether a company needs a CIRT depends on the company policy as well as the risk of information leakage or damage. In companies that do not rely heavily on computer systems, a CIRT would not be of much use. However, now that most organizations keep important information on computer systems, the need for a CIRT is growing. With the increasing number of viruses, spyware, and backdoors being detected in systems, a CIRT is a necessity for an organization that keeps competitive information on its computers.
As with any business strategy, a plan needs to be created before implementation to guide the formation of a CIRT. This plan includes all the details about the CIRT and all the information that the security team would need to know. Furthermore, this plan should be feasible in all ways and must provide a competitive business advantage. The details of the plan are given below (RHE, 2004).
4.1 Make a Policy
First of all, a policy regarding the CIRT should be created. This would contain standards, rules and regulations, and instructions as to what is to be done when security is breached. This policy document should be given to all members of the company and must be followed exactly as written (Lucas & Moeller, 2003).
4.2 Form the Team
Forming the Computer Incident Response Team is the most important part of this plan. Usually the team is formed on a voluntary basis. However, there are certain characteristics that a CIRT needs to have. First of all, the members of the team must be extremely responsible. Since action is required to contain the emergency, the team members should also be quick to react. Another quality that the team should have is that its members must be loyal to the company and should be heroes in their own sense, as their job is to save the company from a disaster. Only trustworthy people should be made a part of this team (RHE, 2004).
Beyond these characteristics, the team should have the technical expertise to understand and resolve the situation. The team usually comprises system and network administrators as well as information security experts. The system administrators oversee the correct response to the threat and supply the required knowledge about system resources. The network administrators are responsible for routing the network traffic through other points while closing all activity on those routes where security has been breached. Information security officers diagnose and analyze the problem and detect the point of intrusion to try to solve it (RHE, 2004).
The team's members should be kept in close coordination with one another at all times so that, in case of an emergency, all members are notified immediately.