CIRT has to follow certain procedures in ensuring that they contain the incident. They have to follow various protocols and policies to prevent any misunderstanding between the associated departments. This takes place until the incident is either contained or canceled which leads to the closure of the incident. Before deciding whether the incident should be closed, the top management is supposed to be updated and given the reason why the incident should be closed. In addition, the team should clearly have checked the issue completely and the team as a team conclusively decided on the remediation of such issues.
Each team member who is in the CIRT is supposed to accept whether the incident has been contained or not. Moreover, the affected departments’ team representatives should ensure that the team members should not use the opportunity in doing their private or snooping on the information from such department. This means that there should be a level of privacy and confidentiality in responding to the incident (Dwight 1999, pp. 96 – 100). When the right steps are taken in managing any incident, each step requires documentation and reports that they are used to update the management until the incident is closed.
Such procedures are common to most incidents. Sometimes the issue may have been a proxy or a misunderstanding, which led to cancellation. Cancellation of an incident may arise when the incident is out of hand and a new incentive should be developed. Closure of incident analyzes whether the original intention of the team was accomplished. Before they were called, there was what triggered their presence such a thing like a virus or intrusion – hackers. At the end of the response, the team should be able to check the nature of incident and the required solution derived (James 2006, pp.66 – 70).
According to what is stipulated in the policies and procedures, a question is asked whether they followed the right steps in ensuring that response was what was required. There may be various shortcomings that they came across which should be avoided in the future if possible are also analyzed (John 2000, pp. 23 – 45). The report that is written should clearly state the cause of incident and what measures were taken in solving the issue. The report should clearly state systematically the procedures that were followed, and who was involved and why they were involved.
In doing so there will be transparency, and if any issue may arise, some of the team members will be held responsible. It should also contain the measures that were taken to prevent future occurrence of the same issue. An example may be due to a virus, hence the use and introducing a specific antivirus will solve the issue for future of such occurrence. When the team is working on an incident, the right procedures and policies that were put in place should be followed. This will make it easy in updating the management and containment of incident.
Modification and improvement of policies that involve the management of the organization and the CIRT will be simple to be introduced following recommendations that were presented in the report.
References
Dwight, H. (1999). Computer Security Threats, London: Oxford University Publishers, pp 96 – 100 James, K. (2006). Computer Networks and Related Securities, New York: McGraw Publishers, pp. 66 – 70 John, R. (2000). The World of Business Management: Computer Incident Management, New York: Cambridge University Press, pp. 23 – 45 Subhankar, B. (2003). Security Management, New York: New York Publishers, pp. 56 – 70