5 Actions of a Computer Incident Response Team

Michael Herrera

IT departments should have a process in place for managing a computer incident. An incident can include any activity outside normal operations. Often incidents can escalate and require decisive action. In such cases, a Computer Incident Response Team (CIRT) would be appropriate. The CIRT is responsible for five major actions:

  1. Monitor – Every network must be monitored for events such as failures, unusual network traffic, and excessive login attempts.
  2. Alert and Mobilize – If an unusual or suspicious event has occurred, a CIRT member should alert the appropriate team members and mobilize for action. This may involve shutting down servers, firewalls, or other services.
  3. Assess and Stabilize – Once the immediate threat has been stopped, the CIRT will assess the situation and attempt to stabilize it.
  4. Resolve – Once the nature and extent of the incident have been determined, a resolution may involve restoring from backups, updating operating systems, or changing settings on servers.
  5. Review – As with many events, once the incident has been resolved it is necessary to go over the case and determine how it occurred, how to avoid similar problems in the future, and how to better understand the recovery process.
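As an added example that is not part of the original article, the Monitor and Alert steps above reduced to a concrete check: a sliding-window count of failed logins per source over constructed log lines, with a notification line for the CIRT when a source crosses the threshold. The syslog-like line format, the 5-failures-in-1-minute threshold and the alert wording are assumptions chosen for illustration.

```python
"""Added example, not code from the original article: a minimal
'Monitor -> Alert' check for the 'excessive login attempts' event in the
first CIRT action. Log format, threshold and window are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample log lines in an assumed syslog-like format.
SAMPLE_LOG = """\
2024-05-01T09:00:01 sshd failed password for admin from 203.0.113.7
2024-05-01T09:00:04 sshd failed password for admin from 203.0.113.7
2024-05-01T09:00:06 sshd failed password for root from 203.0.113.7
2024-05-01T09:00:09 sshd failed password for admin from 203.0.113.7
2024-05-01T09:00:11 sshd failed password for admin from 203.0.113.7
2024-05-01T09:00:30 sshd accepted password for alice from 198.51.100.4
2024-05-01T09:05:00 sshd failed password for bob from 198.51.100.4
2024-05-01T09:20:00 sshd failed password for bob from 198.51.100.4
"""
FAIL_RE = re.compile(
    r"^(?P<ts>\S+) sshd failed password for (?P<user>\S+) from (?P<src>\S+)$")

def excessive_logins(log_text, threshold=5, window=timedelta(minutes=1)):
    """Monitor step: return {source: max_count} for every source with at
    least `threshold` failed logins inside one sliding window of `window`.
    Successful logins and unrelated lines are ignored."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            failures[m["src"]].append(datetime.fromisoformat(m["ts"]))
    alerts = {}
    for src, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # drop failures that aged out
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[src] = max(alerts.get(src, 0), count)
    return alerts

def alert_messages(alerts, window=timedelta(minutes=1)):
    """Alert step: one notification line per offending source for the CIRT."""
    secs = int(window.total_seconds())
    return [f"ALERT: {n} failed logins within {secs}s from {src}; notify CIRT"
            for src, n in sorted(alerts.items())]

if __name__ == "__main__":
    for msg in alert_messages(excessive_logins(SAMPLE_LOG)):
        print(msg)
```

The second source in the sample fails twice but fifteen minutes apart, so with a one-minute window it never reaches the threshold; only the burst from the first source produces an alert.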

The CIRT most likely has day-to-day responsibilities as part of standard IT operations. It is very important that the Computer Incident Response Team’s responsibilities are integrated into a company’s Business Continuity and Disaster Recovery plan.

About
Michael Herrera is the Chief Executive Officer (CEO) of MHA. In his role, Michael provides global leadership to the entire set of industry practices and horizontal capabilities within MHA. Under his leadership, MHA has become a leading provider of Business Continuity and Disaster Recovery services to organizations on a global level. He is also the founder of BCMMETRICS, a leading cloud-based tool designed to assess business continuity compliance and residual risk. Michael is a well-known and sought-after speaker on Business Continuity issues at local and national contingency planner chapter meetings and conferences. Prior to founding MHA, he was a Regional VP for Bank of America, where he was responsible for Business Continuity across the southwest region.