With the move of more and more things to online storage, this efficiency allows rapid access but also represents a potential security risk. As legislation increasingly puts legal obligations on companies to protect the data of their customers, having some sort of group in place to react to any such security threats is critical, according to TechTarget. For those organizations with such legal obligations, strong considerations should be made to establishing a cybersecurity incident response team (CSIRT).
The goals of the CSIRT should be straightforward, with three key tasks:
- To minimize damage from any cybersecuity event,
- Analyze the nature and effects of any event, and
- Work to improve cybersecurity to prevent future events
Assembling the team, however, is not as easy. Instead, the assembly of any such team should consider the following questions:
- What sort of incidents are you most likely to encounter, and what specialized knowledge would be required in a response?
- Which parts of the organization need to be involved, to ensure a proper response?
- What are the organization’s priorities in responding to an indicent?
- Who will coordinate responses, and will that person change depending on the type of response needed?
- Are all relevant documents in place, to define the processes and responsibilities of the CSIRT and related points of contact?
While no company can ensure a perfect record against cyberattacks, establishing a CSIRT can help minimize the impact and ensure a smooth and coordinated response.
Source:
