Oct 13 2022

5 Questions to Ask When Creating a CSIRT

A computer security incident response team can be a valuable tool for higher education.

A computer security incident response team (CSIRT) can be a valuable tool for higher education. CSIRTs often are established as a response to cyberthreats, but they are most effective when created before issues arise. Here are five questions to ask when starting the process.

1. What Is a CSIRT and What Do They Do?

A CSIRT is a group of experts established by an organization to identify, document and respond to cybersecurity-related incidents. CSIRT services typically fall into three categories: reactive, which involves vulnerability alerts and incident handling; proactive, which includes intrusion detection and auditing; and security quality management, which encompasses risk analysis, disaster recovery and training.

2022 NCSAM sidebar image

2. Who Should Be on a CSIRT?

CSIRT teams often are formed in response to specific incidents and are composed of individuals with various technical, communication and administrative skills. Since the main goal is to limit the impact of cyber incidents, a CSIRT should include security analysts, network and system administrators, vulnerability experts, incident handlers, and managers.

3. What CSIRT Organizational Model Makes Sense for My Institution?

When creating a CSIRT organizational model, an institution must first establish how incident response individuals and teams will work together to carry out cyber incident response. A CSIRT may also involve other parts of an institution, like human resources and legal, to keep employees and the public informed about incidents.

Click the banner below to learn how to strengthen your team's security strategy.

4. What Technology Does a CSIRT Need?

CSIRTs can operate more effectively by adopting technologies and tools for incident response and threat intelligence. These tools allow institutions to process a constant flow of data and notify individuals affected by breaches in a timely manner. Since CSIRTs often have operational constraints due to limited budgets, open-source tools — such as CSIRT-KIT, for example — can be deployed with minimal cost.

5. What Costs Are Associated With a CSIRT?

The cost of creating a CSIRT varies for every institution and depends on the services it plans to provide, the administrative expenses and the CSIRT’s structure. Institutions should come up with a CSIRT strategy and use the data for cost-benefit analysis to determine how they will use their resources. This may require either hiring staff with the necessary skill sets or training existing employees.

Bookmark this page for more security stories during Cybersecurity Awareness Month.

PeopleImages/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.