Organizational Models for Computer Security Incident Response Teams (CSIRTs)
| Title: | Organizational Models for Computer Security Incident Response Teams (CSIRTs) (ID: CSD3846) | | Author(s): | Georgia Killcrece (Carnegie Mellon University), Robin Ruefle (Carnegie Mellon University) and Mark Zajicek (Carnegie Mellon University) | | Topics: | Cybersecurity, Incident Handling and Response, Security Management, Security Planning | | Source: | Carnegie Mellon Software Engineering Institute | | Origin: | Community Contributions (2003) | | Type: | Plans and Guidelines | | Abstract: | When a computer security attack on an organization occurs, an intrusion is recognized, or some other kind of computer security incident occurs, it is critical for the organization to have a fast and effective means of responding. One method of addressing this need is to establish a formal incident response capability or a Computer Security Incident Response Team (CSIRT). When an incident occurs, the goal of the CSIRT is to control and minimize any damage, preserve evidence, provide quick and efficient recovery, prevent similar future events, and gain insight into threats against the organization. This handbook describes different organizational models for implementing incident handling capabilities, including each model's advantages and disadvantages and the kinds of incident management services that best fit with it. | | View this resource: | |
|
