Please DO NOT copy-paste from other sources. Answers will be checked for plagiarism. Thank you!!!
Question: Using a Web browser, search for “incident response template.” Look through the first five results and choose one for further investigation. Take a look at it and determine if you think it would be useful to an organization creating a CSIRT. Why or why not?
In the results, I investigated, and after reading both the pros and cons, I'd like to suggest going for having a Cyber Security Incident Response Team (CSIRT).
There are many reasons to have a CSIRT team, and based on the requirements, one can have a dedicated team, a group of trained IT team members, to do what is required in real time.
In the piece I investigated, it was mentioned that in a particular piece of research an average company loses 11.7 million per year to cyber attacks, which is a good enough economic incentive to do so.
But more than anything, it's an essential need today, in an era where everything is online and data is more valuable than anything; one needs to have someone in their company protecting that element.
And if in any case someone is able to breach the system, we will still need a good amount of work to be done by a team (CSIRT) for a proper response.
Now the work is not only a temporary but also a long-term response, and it's most likely that these people will not only be responding but also analysing for future threats.
The template that seemed most promising to me was the California Government Department of Technology incident response plan.
Now one of the main reasons for that is that it's a very simple program template, and as is well said in management subjects and practices: Keep It Simple, Stupid (KISS).
The thing to remember is that we aren't building a project for which we have a huge time band, but a very quick response to an attack.
So the simplest way to do it is to keep a simple checklist (of 17 items), and that's what the template is.
And it's an easy-to-measure parameter for the drills to keep the CSIRT active even when they are waiting for an attack.
This template does provide a customer option to take the issues to put on this checklist as per the attack types, response strategies, etc.
Hope it helps