Security

5 Questions to Ask When Creating a CSIRT

A computer security incident response team can be a valuable tool for higher education.

Zeus Kerravala is the founder of and principal analyst at ZK Research. Follow him on Twitter @zkerravala.

A computer security incident response team (CSIRT) can be a valuable tool for higher education. CSIRTs often are established as a response to cyberthreats, but they are most effective when created before issues arise. Here are five questions to ask when starting the process.

1. What Is a CSIRT and What Do They Do?

A CSIRT is a group of experts established by an organization to identify, document and respond to cybersecurity-related incidents. CSIRT services typically fall into three categories: reactive, which involves vulnerability alerts and incident handling; proactive, which includes intrusion detection and auditing; and security quality management, which encompasses risk analysis, disaster recovery and training.

DISCOVER: How to avoid security breaches in the IT department.

2. Who Should Be on a CSIRT?

CSIRT teams often are formed in response to specific incidents and are composed of individuals with various technical, communication and administrative skills. Since the main goal is to limit the impact of cyber incidents, a CSIRT should include security analysts, network and system administrators, vulnerability experts, incident handlers, and managers.

Click the banner below for exclusive content about cybersecurity in higher ed.

3. What CSIRT Organizational Model Makes Sense for My Institution?

When creating a CSIRT organizational model, an institution must first establish how incident response individuals and teams will work together to carry out cyber incident response. A CSIRT may also involve other parts of an institution, like human resources and legal, to keep employees and the public informed about incidents.

4. What Technology Does a CSIRT Need?

CSIRTs can operate more effectively by adopting technologies and tools for incident response and threat intelligence. These tools allow institutions to process a constant flow of data and notify individuals affected by breaches in a timely manner. Since CSIRTs often have operational constraints due to limited budgets, open-source tools — such as CSIRT-KIT, for example — can be deployed with minimal cost.

EXPLORE: Strategies for reducing complexity during digital transformation.

5. What Costs Are Associated With a CSIRT?

The cost of creating a CSIRT varies for every institution and depends on the services it plans to provide, the administrative expenses and the CSIRT’s structure. Institutions should come up with a CSIRT strategy and use the data for cost-benefit analysis to determine how they will use their resources. This may require either hiring staff with the necessary skill sets or training existing employees.

gorodenkoff/Getty Images