Information security risks are an ever-increasing threat today, given that the number of technically well-informed users continues to grow, as does the availability of the Internet on nearly every desktop. Protecting your organization’s information in today’s environment is of growing concern and importance, and presents a formidable task for organizations to undertake. In response to the growing number of threats and intrusion activities, most organizations have established Security Programs and Plans to deal with the myriad of threats present for any infrastructure.
Security Programs are essential to an organization and aid in protecting you from potential threats and vulnerabilities. However, Security Programs alone will not protect you and your organization from all incidents, nor will they cover the issues surrounding response to an incident. Many organizations are looking toward developing their own Computer Incident Response Team (CIRT) or possibly outsourcing in this area. A CERT/CIRT provides an organization with a structured, clearly defined plan for dealing with threats and incidents.
Smaller-scale organizations, or those with limited resources, have a tendency to think that a Computer Incident Response Team is not necessary or that it is not feasible given their size or fiscal status. It is the intent of this study to focus on and discuss the challenges a smaller organization faces in the implementation of a Computer Incident Response Team. Further focus will be geared toward a simple, practical approach to implementing a CIRT and outlining some of the basic steps involved in the implementation process, given the constraints of an organization operating with limited resources.