A computer security incident response team or CSIRT (pronounced “see-sirt”), for short, is responsible for exposing and averting cyber attacks that target an enterprise. It focuses on responding to security incidents, hence the name.
Other interesting terms…
Read More about a “Computer Security Incident Response Team”
No company is safe from cyber threats. In fact, in 2019, a total of 1,506 data breaches were recorded, exposing 164.68 million records. A dedicated computer security incident response team can help alleviate organizational worries about data exposure.
So what is a CSIRT exactly?
Who Are the Members of a Computer Security Incident Response Team?
A computer security incident response team has three primary members. Apart from a group of incident responders (typically security engineers and researchers), it also has media and legal advisors or experts. Their specific roles involve:
- Team leader: He or she is mostly responsible for ensuring that team members follow response protocols when an incident occurs. He or she also goes through incident analyses to update company staff who need to know about the situation.
- Incident leader: He or she coordinates with those who need to know about individual responses (typically department leaders). As such, he or she is usually the most experienced member of the team the incident occurred to.
- Supporting members: Most of them are information technology (IT) infrastructure experts. But some should also be staff managers, apart from media and legal advisors.
These staff members work together to take care of a company’s staff management, media, legal, and technical requirements.
The actual computer security incident response team takes charge of the technical aspects. They detect, control, and exterminate cyber incidents. They also recover and restore affected systems. They then explain everything they did in great detail to both the media and legal experts who explain what happened to the public (especially stakeholders) and assist in remuneration, if necessary.
What Are the Responsibilities of a Computer Security Incident Response Team?
The computer security incident response team members analyze all data about cyber incidents to develop prevention methods. If necessary, they share their insights and solutions with the rest of the company, making them part of the response process before, during, and after a cybersecurity incident occurs. Their tasks include:
- Remediating security incidents
- Detecting and taking immediate action when an incident occurs
- Providing a 360-degree view and in-depth analyses of all past incidents to come up with and implement preventive measures to avoid recurrences
- Training staff members so they can respond appropriately to new threats
- Managing security audits
- Reviewing network and system security measures to spot vulnerabilities
- Informing related departments about new technologies, policies, and protocol changes after a security incident
- Maintaining internal communications and supervising operations during and after a significant incident
- Creating and regularly updating the company’s incident response plan
- Preserving confidentiality when an incident occurs and managing sensitive data (e.g., network configurations and passwords) stored off-site
- Periodically reviewing and updating standard security protocols
What Skills Should Computer Security Incident Response Team Members Have?
It is best for all incident responders to have experience in handling security incidents, particularly in intrusion detection and threat intelligence. Those who completed incident response courses or have related certifications are preferable. Security information and event management (SIEM) experts can also be good candidates. But every member, including the media and legal advisors, must have excellent problem-solving skills. They need to curb panic in light of an incident.
