Search “scholar.google.com” or your textbook. Discuss ways organizations have built a CSIRT. What are the components to building an effective and successful CSIRT team?
Every organization specially builds a CSIRT team, also known as a security response team or incident team. The CSIRT team has its own members who manage all security breach incidents; the organization sends them reports and the CSIRT works further to provide the resolution. There are several roles and responsibilities which are managed by CSIRT members; below are a few roles in a CSIRT:
1. Manager: The manager manages the whole team and is in contact with the organization’s security team; if there is any breach, the manager will be the first person of contact and provides the information to the team lead to distribute the work and provide the resolution.
2. Team lead, or Supervisor: The team lead gets the incident reports and assigns them to the incident manager to do deep analysis or to provide the root cause for the same.
3. Incident Manager: The incident manager also provides their analysis or takes the analyzers’ help to get the root cause and provide a solution at the earliest.
4. Analyzer: Analyzers analyze the assigned incident and prepare a report based on the analysis.
5. Technical Staff: Technical staff provide technical expertise for the incidents, and if necessary they provide a workaround for the incident and provide the resolution at the earliest.
6. Trainers: Trainers train the users as well as employees and increase awareness about security breaches, policies, and platforms used for security.
There are several prerequisites before building the CSIRT; there will be several factors such as the legal team, higher management, funding or finances, and environment which decide the implementation of the CSIRT (Roderick Mooi, Reinhardt A. Botha, 2015). Every area should be properly analyzed for successful implementation; there will be an internal CSIRT as well as an external CSIRT, and both teams coordinate based on the requirement. A daily report will be made by the internal security team, and if there is a breach then both teams will work together to resolve the incidents.
CSIRT is a short form for Computer Security Incident Response Team. This is an organization that helps IT companies, businesses, government organizations, institutions, universities, and others which handle computer operations to resolve the issues of security breaches, cyber-attacks, etc. The CSIRT organization protects the data from hackers by analyzing the problem. There are several employees formed as a team in the CSIRT to reach out to many users for resolving their problems. If any problem occurs in an organization, they take up the issue to the team and the team analyzes the reports and resolves the problem quickly (Kácha, 2010).
The CSIRT organization hires people who have problem-solving skills, listening skills, focus, and communication skills, and they are categorized into three main groups of services. The CSIRT would include all the issues and would maintain the best team for having the best organization and maintain the success further and include working with IT or other organizations to make secure or compact systems, and the CSIRT will have various training teams for training the employees. The CSIRT helps to handle the incidents by determining the nature of the incident. They will understand the technical cause of the incident and identify other threats resulting from an incident. Later, they recommend the solutions by researching the incident properly. A CSIRT also recommends solutions like security configurations and strategies to protect the data and network (Horne, 2014).
It is extremely helpful for an organization to recruit a CSIRT team to avoid vulnerable attacks. Each and every organization is facing problems regarding data destruction, fear of cyber-attacks, and hackers accessing the personal or organizational systems. A CSIRT team helps in the timely resolution of problems and gives security measures to prevent future attacks. CSIRT organizations need to build their team very carefully and effectively to be a successful CSIRT. The team should be a friendly team. Each and every team member should understand the roles and responsibilities to work effectively. There should be an executive for the CSIRT organization who can communicate the impact of the incident to the team as well as to the board members. He also has the responsibility to cross-check the response they need to give for the incident. There should be an incident manager to find and understand the incidents before he communicates the incidents to the company. Like this, there are several other components that help in building an effective CSIRT team (Marthie, 2010).
It's a discussion and two replies for the above question.
I need everything in separate documents: the 1st document should be the discussion, the 2nd document should be reply 1, and the 3rd document should be reply 2. Make sure no Turnitin and no plagiarism; please don't copy it from any source, write in your own words.