Search “scholar.google.com” or your textbook. Discuss the technical skills required to have a CSIRT response team consisting of employees with other job duties (i.e., not a full-time CSIRT job category). Why or why not? What factors will influence their decision?
Looking more closely at the CSIRT, we also encounter the Security Operations Center (SOC) and the Computer Emergency Response Team (CERT), which, although they appear to serve the same function, are separate structures with different purposes. The fundamental difference between a SOC and a CSIRT is that the former is responsible for detecting and preventing cyber attacks, while the latter has a more reactive task during an emergency. Under these parameters the SOC can be seen as a complementary function alongside the CSIRT: its staff continuously monitor the organization's security for potential risks in order to protect its infrastructure and data (Bada, M., Creese, S., Goldsmith, M., Mitchell, C., & Phillips, E. (2014)).
For its part, a CERT is more closely associated with academia and the Internet community's efforts to raise the level of cyber security, and its distinguishing feature is that "CERT" is a registered trademark (held by Carnegie Mellon University and registered with the U.S. Patent and Trademark Office), which is why many organizations use the term CSIRT for their own teams. It is important that organizations understand that implementing a CSIRT can help them both with their cyber security requirements and with the resolution of incidents once they occur, achieving a complete approach to the prevention of cyber attacks in the organization (Mooi, R. D. (2014)).
What roles do we find in a CSIRT?
Although the same team member can sometimes fulfill several roles within a CSIRT, there are some roles that appear regularly. These are:
· Team Leader: Directs the CSIRT and is responsible for the response procedures, including the analysis and documentation of incidents for future reference.
· Incident Leader: Coordinates the individual responses within the area where the incident occurred.
· Administrative Specialist: Handles communication between the company's directors and the CSIRT.
· IT Support Specialist: Manages, analyzes and responds to threats involving the IT infrastructure.
· Public Relations Specialist: Prepares the communications that shape how the public and customers perceive the incident.
· Legal Specialist: Analyzes the legal consequences of the emergency for the company or the individuals involved.
It should be noted that even without a CSIRT, a responsible organization usually has an Incident Response Plan (IRP) in place beforehand: a manual listing the roles and responsibilities that will be assigned when a security incident occurs (Ruefle, R., Wyk, K., & Tosic, L. (2013)).
Roles also directly influence response time, a critical factor in the effectiveness of a CSIRT. When an incident occurs, a quick response minimizes the damage to the digital infrastructure and its operational, financial and reputational consequences (Jose, I., LaPort, K., & Trippe, D. M. (2016)).
In fact, three decades after the emergence of the Morris worm, the first widely propagating Internet worm, which in 1988 infected almost 10% of the 66,000 computers that then made up the network of networks.