
CIRT is an essential security strategy for every Indian organization

By Dhwani Pandya, Principal Correspondent
08 Oct 2009 | SearchSecurity.in


Anil Sagar, the director of CERT-In, explains the need for a computer incident response team (CIRT) in Indian organizations. Sagar also shares CIRT best practices.

SearchSecurity.in: Is a computer incident response team (CIRT) necessary for every organization?
Anil Sagar: Incident response capability is essential to quickly detect incidents, minimize losses, reduce damage, mitigate exploited weaknesses, and restore computing services. Incident response management helps enterprises to manage risks and sustain an organization's computing environment, as well as conduct appropriate response actions.

Incident response services can be provided internally by security or network operators. Alternatively, they may be outsourced to managed security service providers (MSSPs). An organization's computer security incident response team (CSIRT) can also provide and manage these services.

Although not compulsory, it's recommended that every organization has a computer incident response team. This aids quick recovery and ensures minimal damage from a security incident. Such a team ensures that the organization complies with legal requirements, protects its resources, and sustains business activities.


SearchSecurity.in: What are the factors that go into the formation of a computer incident response team?
Sagar: The CISO is responsible for an organization's CIRT formation and incident response management coordination. Establishing an incident response capability includes the following:

• Create an incident response policy and plan.
• Develop procedures to perform incident handling and reporting, based on the incident response policy.
• Set guidelines to communicate with outside parties regarding incidents.
• Select a team structure and staffing model.
• Establish relationships between the incident response team and other groups — both internal (for example, the legal department) and external (such as law enforcement agencies).
• Determine services to be provided by the incident response team.
• Staff and train the incident response team.

Factors to be kept in mind while forming a CIRT
While forming a CIRT, an organization needs to keep the following factors in mind:

• Mission statement: High-level goals, objectives and priorities.
• Constituency: Constituency type and relationship with the constituency.
• Place in the organization: Position within the organizational structure (particularly within risk management).
• Relationship to others: Setting (inter)national CSIRT cooperation, coordination and other interactions.

SearchSecurity.in: Can you share some best practices on how an organization's computer incident response team reacts to an incident?
Sagar: The incident response process has several phases -- from initial preparation to post-incident analysis. The initial phase involves establishment and training of an incident response team, along with the acquisition of necessary tools and resources.

During preparation, the organization also attempts to limit the number of incidents that occur by selecting and implementing a set of controls based on the results of risk assessments. However, residual risk will inevitably persist after implementation of the controls. Furthermore, no control is foolproof. So detection of security breaches is necessary to alert the organization whenever incidents occur. In keeping with the incident's severity, the organization can act to mitigate the incident's impact through containment and recovery. After adequately handling the incident, the organization issues a report that details the incident's cause and cost, as well as the steps that organizations should take to prevent future incidents.

The incident response process' major phases are as follows.

• Preparation.
• Detection and analysis - Determines whether an incident has occurred. If so, analyze the nature of such incidents, along with identification, protection of evidence, and reporting.
• Containment - To limit the incident's scope quickly and minimize the damage.
• Eradication - To remove the incident's cause.
• Recovery and follow-up, by taking steps to restore normal operation.

