Discussion and Response: CSIRT
by Noria Rai
Computer security incident response teams (CSIRTs) are the first responders to security incidents and breaches in systems whenever they occur; laxity and lapses in responding may yield grave consequences. CSIRT initiatives require cooperation from team members in time-constrained environments. Having employees with other duties double up as the CSIRT is a feasible idea that maximizes output; instead of having a full-time CSIRT job category that anticipates security and system breaches, personnel from the IT department can discharge these ad hoc tasks alongside their other duties (Whitman, 2013). CSIRT members should above all have good communication skills, because they work with different people and applications on a daily basis when facing security issues. Also, from my research I came to know that they should have previous experience in handling all types of issues, because in companies we never know what issues can come up.
Having a mix of employees who execute different tasks in an organization eases the identification of potential incidents and vulnerabilities in a system. Furthermore, they can easily create and agree on approaches to address identified weaknesses in systems. The Computer Efficiency Readiness Team (CERT) articulates roles for CSIRT members to enhance their mode of responding to security concerns. The responsible manager should possess excellent communication skills to address management. Furthermore, a team leader should exemplify excellent organizational skills by safeguarding the documentation and recording of decisions, procedures, and other key variables and metrics.
Besides, having employees double up as CSIRT members enhances their knowledge and awareness; these complement troubleshooting, problem-solving, and critical thinking. In every company, the CSIRT should understand all the business functions, which helps them understand how the business operates and what security measures are implemented (Martins, 2019). The CSIRT's decisions are very important, and whatever they decide will be followed, so before drawing any conclusions they should analyze, mitigate, and consider the business impact. Training the CSIRT and hiring the right team are essential for the company.
References
Martins, R. d., Knob, L. A., Silva, E. G., Wickboldt, J. A., Schaeffer-Filho, A., & Granville, L. Z. (2019). Specialized CSIRT for incident response management in smart grids. Journal of Network and Systems Management, 27(1), 269–285.
Whitman, M. E., Mattord, H. J., & Green, A. (2013). Principles of Incident Response and Disaster Recovery. Cengage Learning.