With the rise of cybercrime and data breaches, it is important for any organization to have a team of professionals who specialize in incident response. A computer security incident response team (CSIRT) is a group of people tasked with addressing, in a timely and effective manner, all the incidents that affect an organization. They should safeguard the confidentiality, integrity, and availability (CIA) of the computer systems, data, and networks (Bada et al., 2014). This team may consist of in-house experts or outsourced personnel qualified to tackle incident response. It must consist of professionals with expertise in security analysis and network and system administration, along with soft skills such as communication and managerial abilities. A CSIRT responsible for an organization's security operations center (SOC) is tasked with duties such as compliance and governance of security systems and applications, but an organization may also outsource a CSIRT qualified for incident response (IR).
A CSIRT should be a team of professionals with technical and administrative expertise and communication skills. Some of the technical skills include the ability to manage risks and discover potential weak points for a breach of security. They should understand the attack vectors used by cyber-crime activists, malicious code, access control issues and physical security issues that affect the confidentiality, integrity, and availability of data in an organization (Bada et al., 2014). A CSIRT should also understand network technologies, communication procedures, applications of network systems and what constitutes a security breach or security issue. They should be versed in the techniques necessary to analyze data, logs, network behavior and traffic, and any motives that could suggest imminent attacks (Bada et al., 2014). A CSIRT should also have basic knowledge of how to handle incident responses and communicate the results effectively to other members of the organization (Ruefle et al., 2014). This team should also comprise members who have vast knowledge and experience in detecting and collecting threat intelligence, the ability to solve problems effectively and the skills to take preventive measures against future attacks.
Reply to Student's Post
The post states that a CSIRT is only required in incidents where a response is needed to tackle security issues in an organization. It further states that organizations should not invest in CSIRTs but only outsource the skills in case of emergencies. I do not agree with the post's evaluation because the presence of a CSIRT enhances the security of an organization and provides business continuity. The team ensures that the organization gains insights into threats against security, network systems, data, logs and administration and provides quick and efficient incident recovery processes (Chen et al., 2014). A team on site will control the damage and keep it from spreading, and will save the organization the unnecessary damage caused by the time spent outsourcing a skilled team. Organizations should also keep a team of skilled and qualified CSIRT members as part of their employees to ensure confidentiality, integrity, and availability of the computer systems, data, and networks (Chen et al., 2014).
The post also puts much emphasis on the technical skills required and forgets to address the soft skills that a CSIRT should have. For instance, communication skills will enable the team to communicate effectively with clients, executives and the public and to convey information accordingly while addressing the incident (Aoyama et al., 2016). When working on the resolution of an incident, it is important for the team to have good listening skills. The team should also work in a professional manner to avoid releasing information into the public domain and to contain the situation within the organization (Aoyama et al., 2016). Members of a CSIRT, especially those who are outsourced to resolve an incident, should be very trustworthy because they deal with very sensitive information. The ability to adapt to different situations will be helpful because not all incidents are the same, and they should remain calm in difficult situations (Aoyama et al., 2016). Finally, the ability to demonstrate organizational skills is important when working in an emergency to understand what needs to be prioritized and how to manage time.
In conclusion, due to the high rates of cybercrime, organizations should invest in and train their employees to gain the technical skills required for a CSIRT to tackle incident response duties. The presence of a CSIRT provides quick and efficient incident recovery processes by minimizing damage and preventing future attacks. Organizations should also emphasize the need to gain soft skills such as communication skills, organizational skills, listening skills, trustworthiness and professionalism so that a CSIRT can tackle incident recovery processes in an efficient manner.
Aoyama, T., Watanabe, K., Koshijima, I., & Hashimoto, Y. (2016, October). Developing a cyber incident communication management exercise for CI stakeholders. In International Conference on Critical Information Infrastructures Security (pp. 13-24). Springer, Cham. Retrieved from https://pdfs.semanticscholar.org/d179/37929160e624ed749df3af3aec1c53e9da3c.pdf
Bada, M., Creese, S., Goldsmith, M., Mitchell, C., & Phillips, E. (2014). Computer Security Incident Response Teams (CSIRTs): An Overview. Global Cyber Security Capacity Centre, 1-23. Retrieved from http://www.elizabethphillips.co.uk/Research/CSIRTs.pdf
Chen, T. R., Shore, D. B., Zaccaro, S. J., Dalal, R. S., Tetrick, L. E., & Gorab, A. K. (2014). An organizational psychology perspective to examining computer security incident response teams. IEEE Security & Privacy, (5), 61-67.
Ruefle, R., Dorofee, A., Mundie, D., Householder, A. D., Murray, M., & Perl, S. J. (2014). Computer security incident response team development and evolution. IEEE Security & Privacy, 12(5), 16-26.
Cite this page
Technical Skills of Csirt Team: Reply to Student's Post Paper Example. (2022, Nov 20). Retrieved from https://proessays.net/essays/technical-skills-of-csirt-team-reply-to-students-post-paper-example