Manage Learn to apply best practices and optimize your operations.

How to assign responsibilities for a CSIRT

As part of our overall security posture, we're in the process of forming a computer security incident response team (CSIRT). Could you recommend some resources that could tell us what specific responsibilities and/or examples that the various job functions of the team have? (e.g., HR's role is...).
Anytime that anyone I know needs to develop a lot of various security roles and responsibilities such as these, I refer them to one source -- Information Security Roles and Responsibilities Made Easy by Charles Cresson Wood. It's not cheap, but I guarantee you it'll save you time, effort and money within the first day of using it. You won't have to worry about hiring a consultant to develop these roles and responsibilities or spend hours searching for them on the Internet. This book is the one resource to have. You can learn more about it at http://www.netiq.com/products/pub/israr.asp.
For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Link: Security Management

This was last published in April 2003

Dig Deeper on Information security program management

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.