an incident. The role of the CSIRT in making recommendations on security should be clear, as should the team’s access to network and systems logs for analysis purposes
• Legal: Clearly, a legal representative is needed to address legal issues. Legal’s involvement in incident response efforts should be determined and stated. On a day-to-day basis, legal staff may need to review non-disclosure agreements, develop appropriate wording for contacting other sites and organisations, and determine site liability for computer security incidents
• HR: HR representative/s will develop job descriptions for CSIRT staff and be involved in the policies and procedures around employees’ access to and use of company IT and any associated systems and applications (including any belonging to third parties)
• PR: PR resources are needed when it comes to external communications, handling media enquiries in the event of an incident and providing guidelines for information disclosure policies and practices
• Security: Existing security groups including physical security; responsibility may be shared between the CSIRT and security teams when it comes to resolving issues such as computer/data theft
• Audit and risk management specialists: These will be integral members of the team as threat metrics and vulnerability assessments will play a central role in planning the defence strategy.

It will be the role of the CSIRT to mitigate cybersecurity risks and tackle different types of breach scenarios. Therefore, the team must be well equipped to gather and analyse all relevant data and must have management support for the level of security required to protect sensitive information and critical assets from threats. This support includes ensuring budget is there to implement a comprehensive programme.

The team will become expert at both looking within the organisation – understanding its network traffic, its security controls, capabilities, resources and where threats can occur – and at looking outward to the environment the organisation operates in.

It will need to collect and develop information and evidence about attack vectors and threat agents, to deploy risk early warning indicators (REWI) to define security analytics and help align security metrics and analytics.

It should also work with the wider cyber community for the purpose of better protecting the organisation and contributing to the wider preparedness of the business community to cyberthreats.

It is clear that cybersecurity will continue to form a growing part of risk management and mitigation within enterprises.

Within this environment, CSIRT programmes should form a central part of cybersecurity measures, helping companies equip themselves to safeguard data and information, in order to protect stakeholders and assets and maintain the ability of organisations to perform.

www.intelligentciso.com | Issue 19