Computer Security Incident Response Team
Forming an Incident Response Team (IRT) in the 1990s can be a daunting task. Many people forming an IRT have no experience with doing this. This explains the role an IRT may play in the community, and the issues that should be addressed both during the formation and after commencement of operations. It may be of benefit to existing IRTs as it may raise awareness of issues not previously addressed.
Why do I Require a IRT?
Why should there be an Incident Response Team?. This question, although obvious, is crucial. There may be many answers, all of which are equally valid. Ultimately, it is the answer to this question that will earn the respect and cooperation of the constituency.
Possible answers include:
- a local team that understands local issues;
- a team that operates in the same time zone as the constituency;
- separate security services from the network providers;
- to increase the security of the constituent's computer systems;
- to educate system administrators in their roles;
- to coordinate incident response at a central point;
- to scope the size of the security problem;
- to determine trends in attacks.
The lack of a clear reason for the existence of the IRT will ultimately result in a lack of support, both financially and administratively, which will lead to the demise of the team. If the constituency does not want the team, then its effectiveness will be minimised. This may lead to funding cuts, and eventual closure.
To help you with any security related issues, we have our own trained security professionals. So in case of any incident feel free to contact u and we will be happy to help you