Tip

The Effective Incident Response Team: Chapter 2, What's Your Mission?

Written by Julie Lucas and Brian Moeller; Published by Addison-Wesley

The following excerpt is from Chapter 2, What's Your Mission? of The Effective Incident Response Team, written by Julie Lucas and Brian Moeller and published by Addison-Wesley.

    Requires Free Membership to View

Read the entire chapter here.


Management courses frequently highlight the importance of mission statements. It is often emphasized that all members of a team or organization should understand the group's mission so they can take ownership of the tasks at hand. The formation of a CIRT team is no different with respect to having a clearly identified mission. Establishing a mission up front by identifying the scope and focus of the team will ease the decision-making process for many later issues. The mission will also have a direct impact on the number and types of resources that need to be allocated to the team. To aid with this task, start by answering a few basic questions.

Questions to help identify the team's mission:

  1. Who is included in the team's constituency? In other words, who owns the computers the team will be responsible for monitoring and responding to incidents on if they are attacked?
  2. How dispersed is the constituency? If it is spread out, are there regional information technology resources that may be called upon during a crisis?
  3. What is the ideal manner for the team to respond to an incident: on site, remotely, or through some combination of these methods?
  4. Will the team work with law enforcement either directly or indirectly?
  5. Will the team's strategy be strictly reactive, or both proactive and reactive?
  6. What services or functions will the team provide?
  7. What type of activity is considered to be an incident (i.e., to what sort of activity will the team respond)?
  8. How will incident reports be stored and tracked?
  9. How will the incidents be counted?
  10. What statistics need to be provided to reflect the team's activities? Who will need these statistics and how often? How granular should the statistics be?

>> Read the rest of Chapter 2 and Chapter 8 of The Effective Incident Response Team.


ABOUT THE BOOK

Summary

When an intruder, worm, virus or automated attack persists in targeting a computer system, having specific controls in place and a plan of action for responding to the attack or computer incident can greatly reduce the resultant costs to an organization. The implementation of a Computer Incident Response Team, whether it's formed with internal or external resources, is one safeguard that can have a large return on investment during a crisis situation. This book serves as a guide to anyone contemplating or being tasked with forming a Computer Incident Response Team. The creation of such a team is not a trivial matter and there are many issues that must be addressed up front to help ensure a smooth implementation. This book will try to identify most of these issues to help with the creation process. Once the team is formed and operational, this guide will continue to serve as a resource while the team evolves to respond to the ever-changing types of vulnerabilities.

Authors

Julie Lucas, CISSP, is the Security Practice Director at Global Network Technology Services in Columbus, Ohio. As the director, she designs and implements their computer security service offerings. Prior to GNTS, she became the first Naval Computer Incident Response Team (NAVCIRT) officer. She developed the NAVCIRT into a world-class incident response team responsible for detecting and reacting to computer security threats on Navy and Marine Corps systems worldwide. Brian Moeller, CISSP, is a Firewall and Network Security Consultant for the Ohio State University Network Security/Incident Response Team.


This was first published in September 2003

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.