Note: Need to respond to the post below, stating whether we agree or not. If so, why we agree; if not, why we do not agree. Need it with peer-reviewed references.
The creation of a CSIRT is not really that difficult and can be done in just a few weeks or months. A CSIRT is an independent unit that can be created and placed in either the business, internal security, public or IT security divisions. The CSIRT can cover a wide range of customers, from Web, web application and network security to Internet infrastructure, cybercrime and security technology. CSIRTs are important to the security of both corporate and internal IT systems.
The CSIRT’s mandate is to provide strategic advice and technical support to both federal and provincial governments and regulated entities in their various interactions with the telecommunications industry, such as law enforcement agencies and telecommunications carriers. A CSIRT’s best-effort response to a security incident focuses on prevention and not response, and will focus on mitigating the extent of harm resulting from the incident.
Any organisations that are being targeted by an organised cyber attack can now use the CSIRT as a security protection for both computer networks and the physical security of data, equipment and personal property. When implementing a new CSIRT program, the key consideration is to create a working environment in which people are free to share information, collaborate, and understand the importance of the security posture. While meeting that goal is not as simple as keeping the CSIRT happy, the CSIRT can play a key role in supporting the security teams and ensuring the protection of critical business assets and information.
Organizations can benefit from a more cohesive system to ensure greater compliance with stringent security standards. In the context of web-based user authentication, a CSIRT can assess the security posture of an authentication server, exploit any potential vulnerabilities and take appropriate corrective actions to block compromised logins or access to vulnerable web sites. A CSIRT can even combine the functions of a monitoring and tracking system with a remediation team for a less manual response.
Pfleeger, S. L. (2017). Improving Cybersecurity Incident Response Team (CSIRT) Skills, Dynamics and Effectiveness. Trustees of Dartmouth College Hanover United States.