Computer Security Incident Response Teams (CSIRTs)
Raymond R. Panko, University of Hawaii, Manoa
Protection Against Subsequent Attacks
INTRODUCTION
Almost all corporations today protect themselves with layered defenses consisting of firewalls, antivirus systems, hardened hosts, and other protections. Even so, security incidents (also called security breaches) sometimes occur.
The firm's on-duty staff may be tasked with handling minor incidents because they can respond immediately and, in general, effectively. For major incidents, however, such as a major virus attack, a major denial-of-service attack, or the hacking (takeover) of important servers, the firm needs a team approach to stop the breach and get the firm back to normal. To handle major incidents, many firms create computer security incident response teams (CSIRTs), also known as computer emergency response teams (CERTs) and computer incident response teams (CIRTs). The term computer emergency response team (CERT) is a registered trademark of the CERT/Coordination Center at Carnegie Mellon University (http://www.cert.org) and may only be used with permission.
A critical success factor ...
From Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3.