Discussion + response+ APA

CSIRT provides a rapid response to the computer security incident report, which ensures the maximum impact on your business. CSIRT is based on cooperation and partnership with all departments to help business owners to manage computer security incident report and quickly respond to this incident report.  It must be equipped with modern communication, information technology (IT), and cyber operations. CSIRT provides expert knowledge and solutions to reduce the cost of protection from different cyber-attacks and provide support and security from the security infrastructure.  Incident response is a term for a wide variety of disciplines and techniques used to prevent, detect, respond to, and recover from a security incident. The term originates in the computer security community, where it refers to the activity of responding to a computer security incident. While the term is used almost exclusively in computer security, the term can be applied to other areas as well, such as physical security and information security. It is often used to contrast it with forensics, the practice of using methods to investigate and reconstruct events surrounding an incident.  It is expected that different parts of a CSIRT are to utilize and share security information regularly. These activities include for example, meetings with stakeholders, holding security events, or the dissemination of the CSIRT's security standards and recommendations through web and email updates. The security standards of the CSIRT should be readily available for reference to anyone that needs to use them.                      (Johansen, 2020). 

In a CSIRT, the most vital task is to identify and eliminate threats. These are the types of issues to worry about that affect your organization. CSIRT needs to identify security policies and weaknesses that might lead to a security breach. For example, a security weakness can be network vulnerability. The attack and security breaches that occur during the incident response is what CSIRT does. CSIRT will be able to prevent the attack and the security breach, but cannot detect the attack and the security breach. Hence, CSIRT cannot identify the attack and the security breach. Therefore, the attack and the security breach can be eliminated with CSIRT’s support, and prevent further issues in an organization. CSIRT also performs an investigation to identify the causes, effects, and the reasons of the incident. The investigation can be conducted to detect and remove any threats. An investigation can be conducted before the attacks and the security breach occur.  (Khan, 2020).