Does Your Company Have A Computer Incident Response Team (CIRT)?


A Computer Incident Response Team is an expert group that handles computer security incidents. Whenever a new technology arrives, it is invariably dogged by misuse, as with the first worm in the IBM VNET and the Morris Worm that hit the Internet and paralyzed it. This led to the formation of the first Computer Emergency Response Team at Carnegie Mellon University under U.S. Government contract. With the massive growth in the use of Information and Communications Technologies thereafter, the Computer Incident Response Team (CIRT) has come to stay as an essential part of large organizations.

No matter how well your network is protected, there are always incidents you are not prepared to deal with by yourself. It may be that the problem is beyond your technical know-how, so the necessary action cannot be taken. A company's security policy is not complete until procedures are put in place for handling and recovering from incidents. The best solution is to include a Computer Incident Response Team (CIRT) within the company's incident response procedures.

What is a Computer Incident Response Team (CIRT)?

A Computer Incident Response Team (CIRT) is a group of people who can promptly and correctly handle an incident. It can quickly contain, investigate and recover from an incident that poses a threat to the security of an organization. A CIRT is usually made up of members from within the company, and it must include people with the authority to make decisions and take actions.

Who constitutes a Computer Incident Response Team (CIRT)?

A Computer Security Incident Response Team (CIRT) is constituted according to the needs and resources of the company.

Members in a Computer Security Incident Response Team (CIRT):

Management: A member of upper-level management on the Computer Security Incident Response Team can make the big decisions and be an effective resource in evaluating security, selecting a team, developing a policy and exercising the plan during an incident, based on input from the members of the team.

Information Security: These are the personnel trained in handling electronic incidents, with the ability to handle a multitude of incidents. An Information Security member on the Computer Security Incident Response Team can assess the extent of the damage and execute containment, basic forensics and recovery.

IT Team: In the event of an incident, the IT team on the Computer Security Incident Response Team knows where the data can be accessed or discovered before the evidence or the corrupt database is overwritten and replaced from a backup.

The IT/MIS: The IT/MIS on the Computer Security Incident Response Team can assist the Information Security team with technical matters if required.

IT Auditor: The IT Auditor tracks the incident and works with IT/security to conduct post-incident reviews to avoid problems in the future.

Security: Security members on the Computer Security Incident Response Team can assess any physical damage, investigate physical evidence and guard evidence during a forensics investigation to maintain a chain of evidence.

Attorney: An attorney on the Computer Security Incident Response Team is useful for supplying the team with legal advice on the usability of any evidence collected during an investigation, and can also provide advice regarding liability issues that affect customers, vendors or the general public.

Human Resources: Many incidents involve company employees. Human Resources members on the Computer Security Incident Response Team provide advice on how best to handle situations in which an employee is discovered to be involved.

Public Relations: Public Relations members on the Computer Security Incident Response Team communicate with team leaders, the press and stockholders to ensure an accurate understanding of the issue, the company status and the current situation.

Financial Auditor: The Financial Auditor on the Computer Security Incident Response Team has the hardest job when an incident occurs: putting a monetary figure on the damage that has occurred as a result of the incident, both for insurance companies and in order to press charges under the National Information Infrastructure Protection Act.

Some managers may opt not to create a team and prefer to outsource to professionals when an incident occurs. Creating a Computer Incident Response Team may not be the best solution for every company, but it can prove to be an invaluable tool. A Computer Incident Response Team improves the response time to any computer-based problems an organization may face.

Data Triage's Computer Incident Response Team helps organizations that have become the victim of a security breach. The CIRT team captures and isolates evidence while restoring services efficiently. Steps are taken to ensure the evidence is preserved for possible litigation or legal compliance.
