Setting up an Security Incident Response Team (SIRT) is a challenging job.
Things To Keep In Mind:
1.Organization's IT assets and required security measures
2.Log of earlier attacks gives an idea on vulnerable assets and attacks areas
3.Organization's growth and possible immediate future technology threats for them
4. Figuring out major skill sets required in team
5.Ensuring all key departments are present or well-connected in SIRT - Legal,HR,Training,Support,Forensic,Network Analyst,Audit,External support etc.
6.Monitoring is key - Making sure you can identify the incident almost immediately leaves assets very little damaged
Responsibilities of SIRT:
SIRT reports directly to the highest levels of authority at the organization, they own a high stake of protecting the organizational assets. They can often overrule other instructions to handle incidents and protect assets, such is their role. Here are a few:
1.Handle Incidents
2.Protect Information Assets
3.Compliance check
4.Legal checks while dealing with the incidents
5.Monitor and detect incident
6.Restrict the attacks threats and harm to assets i.e. Minimize loss(including reputation)
7.Interpret/Analyse loss due to incident
8.Form and Update policies,procedures to protect asset
9.Treat the incident and revert safe operations again
Incident Response Fundamentals
Prepare - Prepare for an incident, don't wait for it. SIRT and you should be well acquainted with tools
Identify - Monitor and identify the incident and all affected assets or information. Report, send alerts if necessary.
Contain/Isolate - Limit the losses to a minimum by barring the attacks. Isolate the affected assets to resume operations.
Eradicate/Cure - Treat the affected assets and render them harmless or replace if necessary and resume full operations
Recover - Incident needs to be tracked,escalated when required and treated unless complete recovery happens.
Comments