Computer Security Incident Response Team Essay Example

Available Only on StudyHippo
  • Pages: 5 (1107 words)
  • Published: January 11, 2018
  • Type: Case Study

Copies were kept in a "file" in a "file drawer" of a "file cabinet". The file cabinets were kept in vaults if they held any type of personal information, or they could be locked in a safe. They may have been guarded by a security company, or even the US Armed Forces. Fast forward to the digital age: now people hardly know what a piece of "carbon paper" is. They know how to work a tablet, a laptop, a desktop. Along with learning how to use computers, we have found a way to commit crimes, just as before computers, only this time people won't even need to leave home to do most of the work. Isn't paper and pencil safer?

"With the Internet and e-commerce becoming the way of purchasing for many people, security got much more complicated" (Barr, Building Cross-Enterprise Security Teams, 2010). The purpose of this paper is to show how and why a Computer Security Incident Response Team (aka CSIRT) is established. By explaining the "how" and "why," people will be able to see that going back to paper and pencil is not a step they want to take. Computer Security Incident Response Teams (CSIRTs) are made up not only of individuals who are specially trained in handling an incident; there are also others on the team with them.

Before we get to the makeup of the team, let's look at the reasons for forming a Computer Security Incident Response Team. It seems that we hear on the news almost daily of security breaches where attackers have broken into computer systems and stolen financial information, social security numbers, birthdates, just about any type of information that someone could need to commit a crime with the information gotten. "Organizations are learning firsthand efficiently, and if it was from a vulnerability either see that a "patch" is in place, or try to figure a "fix" around the vulnerability".

The "needs" of the company will decide who will be part of the response team, along with whether the team will be in-house, a hired professional security company, or on an as-needed basis. There are "motivators that will drive establishment of a CSIRT that include:

  • A general increase in the number of computer security incidents being reported
  • A general increase in the number and type of organizations being affected by computer security incidents
  • A more focused awareness by organizations on the need for security policies and practices as part of their overall risk management strategies
  • New laws and regulations that impact how organizations are required to protect information assets
  • The realization that systems and network administrators alone cannot protect organizational systems and assets" (University, 2014).

Now we have some motivations for designing the teams. But, "many questions need to be answered in designing the team, such as:

  • What are the basic requirements for establishing a CSIRT?
  • What type of CSIRT will be needed?
  • What type of services should be offered?
  • How big should the CSIRT be?
  • Where should the CSIRT be located in the organization?
  • How much will it cost to implement and support the team?
  • What are the initial steps to follow to create a CSIRT?

All good questions; however, there is not a standard set of answers to these questions" (University, 2014). The main goal of establishment of a "CSIRT is to minimize and control the damage resulting from incidents, provide effective guidance for response and recovery activities, and to work to prevent future incidents from happening" (Barr, 2012).

When establishing a CSIRT, the following actions should be included:

  • Creating an incident response policy and plan
  • Developing procedures for performing incident handling and reporting
  • Setting guidelines for communicating with outside parties regarding incidents
  • Selecting a team structure and staffing model
  • Establishing relationships and lines of communication between the incident response team and other groups, both internal (i.e., legal department) and external (i.e., law enforcement agencies)

  • Security - may include assessment of any physical damage, investigation of physical evidence, and guarding evidence during a forensics investigation to maintain a chain of evidence.
  • Attorney - to ensure the usability of any evidence collected during an investigation in the event that the company chooses to take legal action. Can also provide advice regarding liability issues in the event that an incident affects customers, vendors, and/or the general public.
  • Human Resources - to provide advice as to how best to handle situations involving employees.

Also an accurate figure will be needed in the event the organization chooses to press charges under the National Information Infrastructure Protection Act; it is required that you are able to document at least $5,000.00 worth of damage." (Broking, 2001) Once the team has been formed and everyone knows what their role will be on the team, the team must sit down and define the words "event" and "incident."

Start with defining an event. An "event is any observable occurrence in a system or network. Events include a user connecting to a file share, a server receiving a request for a web page, a user sending an e-mail, and a firewall blocking a connection attempt" (Paul Cichonski, 2012). These are all examples of events, and they don't cause the CSIRT a lot of worries. However, adverse events do, as these are events with a negative consequence, such as system crashes, packet floods, unauthorized use of system privileges, unauthorized access to sensitive data, and execution of malware violation of computer security policies, acceptable use policies or standard security practices.

"Examples of an incident would be an attacker commanding a botnet to send high volumes of connection requests to a web server, users are tricked into opening malware as an attachment to e-mail, files held for ransom" (Paul Cichonski, 2012). It is important that the team practices for the inevitable security breach. As the team works together, the procedure will become learned and followed step-by-step as if there is a real security incident to be handled.

By working as a team, when the real incident happens, the team will be ready and will know exactly how to handle the incident using the policy and procedures that have already been set up and learned by the team. Security of networks is not something that should be taken lightly by anyone who works for the organization. Human Resources, by being on the CSIRT, will have a large responsibility in seeing that employees understand and adhere to the policies and procedures governing computers. By educating, and bringing to every employee's attention the need to keep the network safe and secure for the data that has been entrusted to them.
