Components to building an effective and successful csirt team

Module 6 Discussion Forum
Include at least 250 words in your posting and at least 250 words in your reply. Indicate at least one source or reference in your original post. Please see syllabus for details on submission requirements.

Module 6 Discussion Question
Search "scholar.google.com" or your textbook. Include at least 250 words in your reply. Indicate at least one source or reference in your original post. Discuss ways organizations have built a CSIRT. What are the components to building an effective and successful CSIRT team?

Reply-1(Vindhya)

In the building, an effective and successful CSIRT the steps involved are as follows:

1. Buy-In and support of management are obtained: the creation of an effective incident response team becomes problematic and difficult without the support of the management. The support includes time, funding, and provision of resources to the team (D. Penedo, 2006). The important responsibility and function of the CSIRTs are obtaining managements perceptions and expectations.

2. The strategic plan of CSIRT development is determined: by dealing with the administrative issues and addressing the project management issues the development of CSIRT is to be managed.

3. Relevant information is gathered: the service needs of the organization and to determine the incident response the information is gathered. In gathering the information the resources available are inventories of assets and critical system, for enterprise the organization charts and functions of specific business, networks, and systems organizational topologies, plans of business-continuity or existing disaster recovery, the physical security breach of organization is notified by existing guidelines, existing plans of incident-management, regulations of institution or parental, and existing security policies and procedures.

4. CSIRT vision is designed: The key components of the CSIRT are identified by bringing the gathered information to incident response constituency needs. For creating, CSIRT vision the points to be followed are (Z. Yunos, 2016): Constituency identification, the goals, objectives, and mission of CSIRT are defined, CSIRT services are selected and provided to the constituency, the organizational model is determined, required resources are identified, and CSIRT funding is determined.

5. The vision of CSIRT is communicated: the operational plan and vision are communicated to constituency, management, and others involved in the operation and feedbacks are obtained. Communicating vision before implementation helps in identification of problems.

6. CSIRT implementation begins: the steps involved in implementation are the CSIRT staff is hired and trained, in supporting team the necessary infrastructure is built and equipment are bought, the initial set of CSIRT procedures and policies are developed, the specifications of incident-tracking system are defined and the forms and guidelines of incident-reporting are developed for a constituency.

7. CSIRT announcement: broadly announce to constituency when CSIRT is operational also include the operation hours and contact information.

8. The effectiveness of CSIRT is evaluated: information on effectiveness is gathered by including against other CSIRTs the benchmark, with constituency representatives the general discussions involved, on a periodic basis the surveys of evaluation are distributed to members of the constituency, and in evaluating the team the quality parameters or set of criteria created by an audit.

References:

D. Penedo (2006), Optimal Policy for Software Vulnerability Disclosure. Good practice guide for CERTs in the area of Industrial Control Systems - Computer Emergency Response Capabilities considerations for ICS.

Z. Yunos (2016), Creating and Managing Computer Security Incident Handling Teams (CSIRTs), CERT Training and Education Networked Systems Survivability Software Engineering Institute Carnegie Mellon University.

Reply-2 ( Glad)