3. What CSIRT Organizational Model Makes Sense for My Institution?
When creating a CSIRT organizational model, an institution must first establish how incident response individuals and teams will work together to carry out cyber incident response. A CSIRT may also involve other parts of an institution, like human resources and legal, to keep employees and the public informed about incidents.
4. What Technology Does a CSIRT Need?
CSIRTs can operate more effectively by adopting technologies and tools for incident response and threat intelligence. These tools allow institutions to process a constant flow of data and notify individuals affected by breaches in a timely manner. Since CSIRTs often have operational constraints due to limited budgets, open-source tools — such as CSIRT-KIT, for example — can be deployed with minimal cost.
EXPLORE: Strategies for reducing complexity during digital transformation.
5. What Costs Are Associated With a CSIRT?
The cost of creating a CSIRT varies for every institution and depends on the services it plans to provide, the administrative expenses and the CSIRT’s structure. Institutions should come up with a CSIRT strategy and use the data for cost-benefit analysis to determine how they will use their resources. This may require either hiring staff with the necessary skill sets or training existing employees.