Question:
Reply back to this discussion.
The cybersecurity incident response team (CSIRT) is one of the most important IT security teams in the organization. The main scope of the CSIRT team is to coordinate and support the response to any events or incidents that may occur in the organization related to computer security. The team is also responsible for investigating and analyzing any incidents that fall under their scope of responsibilities. Additionally, the team has a role in the organization to develop and maintain an incident response plan. In my experience, a CSIRT team member needs to be highly skilled and knowledgeable in all aspects of IT and specifically in aspects of IT security. Additionally, a team member needs to have the following skill set. Communication skills are key to working successfully on a team and being able to articulate the necessary information to management when reporting on incidents that have occurred. Problem-solving skills and organizational skills are key to a CSIRT team member, as incidents can be very problematic or even very difficult to comprehend at times. A great CSIRT team member will need to be able to quickly assess a situation and deduce the cause of the issue while maintaining a clear and informed chain of events. These notes need to be organized to recall them consistently over time. Some additional skills include trustworthiness, discretion, and the ability to handle stress. This position needs a person that is honest and loyal to the organization, as it can literally be the health of the company on the line during some security incidents. Knowing this information can also be detrimental to the organization, considering that if some information were leaked outside the company, it would really hurt the organization by losing public trust or just lowering its reputation. Considering this alone, we can see why a person would need to be well suited to handle high amounts of stress.
Some factors to consider when setting up a CSIRT team are not unlike setting up other cross-functional teams in most respects. First and foremost, we are looking for talented individuals to build a CSIRT team. Considering the responsibilities of the team, we would need some roles like a team manager, an investigator, someone in communications, a legal person, and even someone in Human Resources (HR). In some organizations we can find these individuals in-house, which means we would just have some employees consider dual roles to include them in the CSIRT team. The Incident Manager would most likely be someone in IT security for the company already. Another factor to consider, however, would be whether to create a team in-house or outsource the responsibilities to another party. Whichever road is taken, one of the first tasks that will need to be completed would be the creation of the Incident Response (IR) plan. This will really help with finer details of how the CSIRT will operate; it may even assist with shining light on weak points in the team itself that can be mitigated along the way.