Computer Incident Response Team advantages, requirements and tools

In this installment of my continuing series on Computer Incident Response Team management, I’ll review a few principles and give some practical pointers for effective response to security breaches and other operational difficulties. Today, I’ll focus on some of the advantages, requirements and tools for incident tracking.

ADVANTAGES:

Keeping track of all technical support calls is essential for effective incident handling. Having details available to all members of the CIRT in real time, and for research and analysis later, serves many functions:

* Communication among team members: Having the details written down in one place means that team members can pass a case from one to another and share data efficiently.
* Better client service: Callers become frustrated when they have to repeat the same information to several people in a row; a good incident-tracking system reduces that kind of irritation.
* Documentation for effective problem-solving: A good base of documented experience can help find the right procedure and the right solution quickly.
* Institutional memory: When experience is written down and accessible, the organization’s capacity to respond quickly and correctly to incidents improves over time.
* Follow-up with clients: Managers can use the incident database to prepare management reports and to follow up with specific clients to understand and resolve difficulties or complaints.
* Forensic evidence: Detailed, accurate and correctly timestamped notes can be a deciding element in the successful prosecution of malefactors.

REQUIREMENTS:

Some of the more obvious requirements of any incident-handling system are listed below. Most are self-explanatory, but I’ve added comments to a few of them:

* Unique identifier for each case.
* Dates and times for all events.
* Who currently controls the case: It should be instantly obvious who is in charge of solving the problem.
* Keywords.
* Contact information: Every person in the case should be listed, with room for phone, e-mail and fax numbers.
* Handover of control: Whenever someone takes over control of the case, that handover should be noted in the record.
* Technical details, including:
  – Diagnostics
  – Tests of hypotheses
* Resolution: What was the outcome? When was the case closed?
* Search facilities: Full-text search capabilities.
* Knowledge base: Ability to integrate vendor-supplied entries to speed research.

In an online discussion by someone called “DonaldA-M”, I noted two additional points I hadn’t thought of:

* Industry-standard database engine: Easy to learn, maintain and improve.
* Accept input from comma-separated value (CSV) files: Import data from other systems.

TOOLS:

There’s a wide range of software available for tracking incidents. You can build your own, but then you’ll have to provide proper documentation and training materials, because turnover is a constant problem for CIRTs. In addition, unless your analysts have experience with the CIRT function, they are likely to miss useful features that have accumulated over the years in products used by thousands of people.

I have provided a short list of proprietary (commercial) help desk products in the Readings section below. You will want to use the Network World Fusion search at https://search.nwfusion.com/query.html?qt=help+desk to see an extensive list of articles on this topic. There are also well-respected open-source tools listed below.

All such tools can be complex; since you don’t want people fumbling about in an emergency, be sure that you budget for adequate training for your staff as you implement the tool you select.

* * *

For Further Reading

“DonaldA-M” (2003). Good, but there’s more… https://tinyurl.com/4bcve
Cerberus Helpdesk: https://cerberusweb.com/
DISA (2001). Introduction to Computer Incident Response Team (CIRT) Management. Defense Information Systems Agency, U.S. Department of Defense. See https://iase.disa.mil/eta/ to download a full PDF catalog of free training materials.
Help Desk Institute: https://www.thinkhdi.com/
HelpMaster Pro Suite: https://www.prd-software.com.au/prd/help-desk-products/
Open Source Ticket Request System (OTRS): https://otrs.org/
Request Tracker (RT): https://www.bestpractical.com/rt/
TrackIt!: https://www.itsolutions.intuit.com/Track-It.asp
Ward, J. (2003). Evaluate help desk call-tracking software with these criteria. https://techrepublic.com.com/5100-6270-5030618.html?tag=series
Ward, J. (2003). Product review: HEAT PowerDesk, call center tracking software. https://techrepublic.com.com/5100-6270-5034947.html
Ward, J. (2003). Product review: HelpMaster call center tracking software. https://techrepublic.com.com/5100-6270-5034721.html
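As an added illustration of the REQUIREMENTS list above (example code written for this page, not code from the column or from any of the products in the reading list), here is a minimal Python incident-tracking model: each case gets a unique identifier, UTC-timestamped events, a current controller, keywords, contacts, recorded handovers, diagnostic and hypothesis notes, a resolution with closing time, full-text search across cases, and CSV import from another system. It goes one step beyond the list by chaining each event's SHA-256 digest to the previous one, so that a later edit to the timestamped notes is detectable, which supports the forensic-evidence point under ADVANTAGES. The class names, the `CIRT-` id prefix, the CSV column layout and the sample case are assumptions of this example.

```python
# Hypothetical incident-tracking model for the REQUIREMENTS list; the class
# names, CIRT- id prefix and CSV columns are assumptions of this example.
import csv
import hashlib
import io
import itertools
from datetime import datetime, timezone


def _now() -> str:
    # Every event is stamped in UTC so records from different sites sort correctly.
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


class Case:
    _ids = itertools.count(1)  # unique identifier for each case

    def __init__(self, summary, reporter, opened_by, keywords=(), when=None):
        self.case_id = f"CIRT-{next(Case._ids):05d}"
        self.summary = summary
        self.keywords = set(keywords)
        self.contacts = {}           # name -> phone / e-mail / fax
        self.controller = opened_by  # who currently controls the case
        self.resolution = None
        self.closed_at = None
        self.events = []             # append-only, timestamped, hash-chained
        self.add_contact(reporter)
        self._log("opened", f"opened by {opened_by}: {summary}", when)

    @staticmethod
    def _digest(prev, entry):
        # Each digest covers the previous one, so altering or dropping an
        # earlier note changes every digest after it.
        body = "|".join(entry[k] for k in ("time", "kind", "who", "text"))
        return hashlib.sha256(f"{prev}|{body}".encode()).hexdigest()

    def _log(self, kind, text, when=None):
        prev = self.events[-1]["digest"] if self.events else "0" * 64
        entry = {"time": when or _now(), "kind": kind, "who": self.controller, "text": text}
        entry["digest"] = self._digest(prev, entry)
        self.events.append(entry)

    def add_contact(self, name, phone="", email="", fax=""):
        self.contacts[name] = {"phone": phone, "email": email, "fax": fax}

    def hand_over(self, new_controller, when=None):
        # Logged before the switch, so the entry is attributed to the outgoing controller.
        self._log("handover", f"control passed from {self.controller} to {new_controller}", when)
        self.controller = new_controller

    def diagnostic(self, text, when=None):
        self._log("diagnostic", text, when)

    def hypothesis(self, statement, result, when=None):
        self._log("hypothesis", f"{statement} -> {result}", when)

    def close(self, resolution, when=None):
        self.resolution = resolution
        self.closed_at = when or _now()
        self._log("closed", resolution, when)

    def verify_chain(self):
        """True if no event has been altered or removed since it was logged."""
        prev = "0" * 64
        for e in self.events:
            if self._digest(prev, e) != e["digest"]:
                return False
            prev = e["digest"]
        return True


class Tracker:
    def __init__(self):
        self.cases = {}

    def open(self, *args, **kwargs):
        case = Case(*args, **kwargs)
        self.cases[case.case_id] = case
        return case

    def search(self, term):
        """Full-text search over summary, keywords and every event note."""
        term = term.lower()
        return [c.case_id for c in self.cases.values()
                if term in " ".join([c.summary, *c.keywords,
                                     *(e["text"] for e in c.events)]).lower()]

    def import_csv(self, text):
        """Import cases exported by another system (assumed columns: summary,reporter,owner,keywords)."""
        ids = []
        for row in csv.DictReader(io.StringIO(text)):
            kws = [k.strip() for k in row["keywords"].split(";") if k.strip()]
            ids.append(self.open(row["summary"], row["reporter"], row["owner"], kws).case_id)
        return ids


def demo():
    """Walk one constructed case through its life cycle and import one constructed CSV row."""
    t = Tracker()
    c = t.open("Web server returning 500 errors after patch", "Pat Lee (client)",
               "analyst1", keywords=["web", "outage"], when="2003-01-06T09:02:00+00:00")
    c.add_contact("Pat Lee (client)", phone="555-0100", email="pat@example.com")
    c.diagnostic("error_log shows segfaults in mod_example", when="2003-01-06T09:20:00+00:00")
    c.hypothesis("patch broke mod_example", "confirmed by disabling the module",
                 when="2003-01-06T09:45:00+00:00")
    c.hand_over("analyst2", when="2003-01-06T10:00:00+00:00")
    c.close("Module rolled back; vendor case opened", when="2003-01-06T11:30:00+00:00")
    constructed_csv = ("summary,reporter,owner,keywords\n"
                       "Phishing e-mail reported,Sam Ng (client),analyst3,phishing;email\n")
    return t, c, t.import_csv(constructed_csv)


if __name__ == "__main__":
    tracker, case, new_ids = demo()
    for e in case.events:
        print(e["time"], e["kind"], e["who"], e["text"])
    print("chain intact:", case.verify_chain(), "imported:", new_ids, "search:", tracker.search("phishing"))
```

The hash chain is the one deliberate addition beyond the list: an in-memory chain only proves that nobody edited the record through this code path, so in practice the running digest would be written to a separate, write-once store (or signed) to give the notes standing as evidence. Everything else maps one-to-one onto a requirement above, which is the point: a tracker that cannot answer "who had the case at 10:00 and what did they test?" fails the CIRT, however polished its interface.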