What is a Security Incident Response Team?

A security incident response team, according to Rhodes-Ousley (2013), is a panel formed by combining employees from different departments in an organization to respond to a security incident or emergency (p. 158). Incidents that a response team can handle include:

Incidents Handled by a Security Incident Response Team

Unauthorized Intrusions

Responding to unauthorized intrusions. When the company’s network is compromised, the incident response team works fast to resolve the intrusion, prevent further loss or damage of data, and recover either the network or the compromised system (Rouse, 2012).

Malware, Hostile Programs or Viruses

Resolving a massive spread of malware, hostile programs or viruses is another common role carried out by this team. When hostile programs enter a network or a company’s computer system, the incident response team is called to design a containment and recovery process.

Data Integrity and Confidentiality

Most companies have access levels and policies that must be strictly prescribed and followed in order to maintain data integrity and confidentiality. When an employee or a group of employees breaches these policies or gains unauthorized access to confidential data, an incident response panel is created to oversee the investigations and generate a report about the breach.

Natural Disasters Affecting Business Operations

A security incident response team is responsible not only for security matters but also for disasters that could harm business continuity (CERT, n.d.). For example, if a network goes out because of either man-made or natural disasters, the team has to come up with a plan to resolve the issue as fast as possible so that normal business operation resumes within a short time. The team members also work together to fix system crashes and application failures. Finally, the team handles illegal activities like piracy and breach of copyrights.


CERT (n.d.). CSIRT Frequently Asked Questions (FAQ). Retrieved from http://www.cert.org/incident-management/csirt-development/csirt-faq.cfm?

Rhodes-Ousley, M. (2013). Information Security: The Complete Reference (2nd ed.). New York, NY: McGraw-Hill.

Rouse, M. (2012). Computer Security Incident Response Team (CSIRT). Retrieved from http://whatis.techtarget.com/definition/Computer-Security-Incident-Response-Team-CSIRT.
