Computer Security Incident Response Teams (CSIRTs)
Raymond R. Panko, University of Hawaii, Manoa
Almost all corporations today protect themselves with layered defenses consisting of firewalls, antivirus systems, hardened hosts, and other protections. Even so, security incidents (also called security breaches) sometimes occur.
The firm's on-duty staff may be tasked with handling minor incidents because they can respond immediately and, in general, effectively. For major incidents, however, such as a major virus attack, a major denial-of-service attack, or the hacking (takeover) of important servers, the firm needs a team approach to stop the breach and get the firm back to normal. To handle major incidents, many firms create computer security incident response teams (CSIRTs), also known as computer emergency response teams (CERTs) and computer incident response teams (CIRTs). The term computer emergency response team (CERT) is a registered trademark of the CERT/Coordination Center at Carnegie Mellon University (http://www.cert.org) and may only be used with permission.
A critical success factor ...