CIRT management: Introduction

On tap: series on managing computer incident response team

The long view of security strategies for your network.

In an upcoming series of short articles, I will summarize the key points in creating and managing a computer incident response team (CIRT), also sometimes known as a computer emergency response team (CERT).

The main resources used in writing this summary are shown at the bottom of this introduction; specific references will be provided in each of the remaining articles.

As everyone should know, the value of time is not constant. Spending an hour or a day planning so that one’s emergency response is shortened by a few seconds may save a life or prevent a business disaster. Organizing people to respond to computer security incidents is worth the effort not only when you actually have an incident but also because the analysis and interactions leading to establishment of the CIRT bring benefits even without an emergency.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

In an upcoming series of short articles, I will summarize the key points in creating and managing a computer incident response team (CIRT), also sometimes known as a computer emergency response team (CERT).

The main resources used in writing this summary are shown at the bottom of this introduction; specific references will be provided in each of the remaining articles.

As everyone should know, the value of time is not constant. Spending an hour or a day planning so that one’s emergency response is shortened by a few seconds may save a life or prevent a business disaster. Organizing people to respond to computer security incidents is worth the effort not only when you actually have an incident but also because the analysis and interactions leading to establishment of the CIRT bring benefits even without an emergency.

This series will explore the following topics:

* Creating the CIRT
- CIRT functions
- Defining service levels
- Establishing policies and procedures
- Staffing the CIRT

* Responding to computer emergencies
- Triage
- Technical expertise
- Tracking incidents
- Critical information
- The telephone hotline

* Managing the CIRT
- Securing your CIRT
- Professionalism
- Setting the rules for triage
- Avoiding burnout

* Continuous Process Improvement
- The post-mortem
- Sharing knowledge within the organization
- Sharing knowledge in the security community

Resources:

* “Computer emergency quick-response teams,” Chapter 40 in _Computer Security Handbook, 4th Edition_.

* Introduction to Computer Incident Response Team (CIRT) Management, by the Defense Information Systems Agency, U.S. Department of Defense. To download a full PDF catalog of free training materials, see:
http://iase.disa.mil/eta/

Read more about security in Network World's Security section.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.