The increase in denial-of-service attacks, child pornography, viruses/worms and other tools used by individuals to destroy data has led law enforcement and the media to look into why and how these security breaches are carried out and what new statutory laws are needed to stop them from happening. According to the CSI Computer Crime and Security Survey 2007, the average annual loss reported per security breach shot up to $350,424 from 168,000 the previous year. In addition, more and more organizations are reporting computer intrusions to law enforcement, a figure that rose to 29 percent compared to 25 percent the year before. [1]
To respond successfully to an incident, a few things need to be followed:
1. Minimize the number and severity of security incidents.
2. Assemble the core computer security Incident Response Team (CSIRT).
3. Define an incident response plan.
4. Contain the damage and minimize risk. [3]
How to minimize the number and severity of security incidents:
It is impossible to prevent all security-related incidents, but there are things that can be done to minimize the impact of such incidents:
• Establishing and enforcing security policies and procedures.
• Gaining support from Management in both enforcing security policies and handling incidents.
• Assessing vulnerabilities in the environment on a regular basis, including regular audits.
• Checking all devices at set intervals to make sure that all updates have been applied.
• Establishing security policies for both end users and security personnel.