Bus Cont Plan and Disaste Recovery Plan

1)Computer Security Incident Response Team (CSIRT)

The CSIRT (Computer Security Incident Response Team) is the core team responsible for dealing with IT security incidents and managing the impact in your organization. Assembling the proper team and identifying roles and responsibilities is crucial and should not be taken lightly. IT security professionals may fill several roles on this team, but not always. The severity of the incident, whether a breach has occurred, legal issues surrounding the incident or information involved, and the possibility of reputation loss. The CSIRT shall consist of a management and technical component.

Representatives from the following offices may comprise the CSIRT management component on an as-needed basis:

  • CISO
  • Finance and Administration
  • Chief Information Officer
  • Public Relations (System and/or Onsite)
  • Appropriate Information Chief Human Resources and Organizational Development Officer
  • Executive Director

A representative from the following offices may comprise the CSIRT technical component on an as-needed basis.

  • Security analyst(s) from the Office of Information Security (CISO office)
  • Network Analyst/Communications Specialist(s) from Network
  • System Administrator of the system affected
  • The company designated information security managers or other IT expert(s)(non-necessarily from the company where the incident occurred
  • A recorder from the local office (This individual will not participate in the investigation, but will be charged only with documenting what was done when.)

Depending on the nature of the incident the CSIRT may call upon other personnel or organizations as needed. Those others may include but are not limited to:

  • Law enforcement (local, state, and/or Federal)
  • Vendors
  • Other government agencies.

The CSIRT will ensure that actions are taken in a timely manner to include:

  1. External communications, proper notifications to affected individuals, and reporting as required by law or otherwise deemed appropriate,
  2. Fulfillment of the investigative actions by the technical component (triage, contain, eradicate and recover),
  3. Develop a final report which will summarize the findings


CSIRT Frequently Asked Questions (FAQ). (n.d.). Retrieved from https://www.cert.org/incident-management/csirt-dev…

Penedo, D. (n.d.). Technical Infrastructure as a CSIRT. International Conference on Internet Surveillance and Protection (ICISP’06). doi:10.1109/icisp.2006.32

student 2

2)An effective computer security incident response team (CSIRT) is the result of planning, preparation and training. Chief information security officers (CISOs) and other key security decision makers should follow a phased approach in developing and maintaining a CSIRT that will identify, contain, escalate, investigate and remediate incidents in a timely and efficient manner.

  • A CSIRT — the entity that “owns” an organization’s security incident response functions is an integral component of an effective security program. Nonetheless, many organizations either have no CSIRT in place, or have not established workable goals or procedures for the team.
  • CSIRTs require the involvement and support of individuals and roles beyond the information security and IT organizations. Most are actually “virtual teams,” with members who can be called on as needed for specific skill sets.
  • Part-time responders cannot be successful without adequate management support for training and the ability to leave their normal jobs on demand.
  • The CSIRT’s activities impact many different functional areas and operate across organizational and geographical boundaries. For this reason, the commitment and support of many different stakeholders including senior management are crucial to the team’s success.
  • A phased approach to development and implementation will enable organizations to best assess their needs and implement a CSIRT that will satisfy all stakeholders’ needs, and use available resources effectively.


  • Identify key executive stakeholders, such as those in lines of business, risk, HR and communications, and gain their explicit support for the goals of the CSIRT and its budgetary and cultural support.
  • Incorporate your response and escalation plan into your corporate policy to establish the CSIRT authority to do whatever is necessary to protect the organization, conduct an investigation, and ensure that CSIRT staff acting within their authority are protected from corporate politics and legal actions.
  • Build reporting into all facets of operations, including regular reporting on all activity detected. This provides context when incidents occur.
  • Include your virtual team in regular training drills, using a variety of techniques and scenarios.

Seven Steps to Creating an Effective CSIRT

A clearly defined context, purpose and scope focus the development of the CSIRT, ensure that the program meets internal and external requirements, set appropriate expectations, and establish support from senior leadership.

  • Event monitoring and identification — Monitoring of logging infrastructure to identify events of interest, and identify and conduct early assessment of events that may constitute security incidents (for example, security information and event management [SIEM] tools and other information sources).
  • Incident management — Command and control of actions directly required to coordinate work and manage an incident to its completion.
  • Forensic analysis and evidence collection — Collation, cataloging and protection of material used in support of decisions made during the incident, as well as research, disciplinary and legal activities following the incident.

Other functions may include:

  • Communication — Communication with internal personnel, including impacted business process owners (but not the public or external entities, which should be managed by the corporate communications or public relations organization).
  • Investigation — Investigation of potentially inappropriate activities by personnel (including security personnel or CSIRT members), which makes it critical that the team include a human resources (HR) member to reduce the potential for conflict of interest.
  • Legal support — Action to help the organization deal with potential legal or other liability (for example, through the exposure of confidential data and trade secrets, theft of funds, loss of private data or implied breach of contract), which requires a clearly defined relationship with legal counsel and internal legal mechanisms that give the CSIRT team the authority and flexibility to make decisions according to organizational priorities (see “Toolkit: Security Incident Response Preparation”) and provide protections for the team if good-faith mistakes are made.
  • Service management — Service commitments that may be affected by a security incident (for example, unscheduled outages for system repair and patch application, or external review/audit) and result in business or financial impact, which may become critical in heavily outsourced environments.
  • Customer service — Managing the impact of security incidents on customer service, which will probably involve a dedicated customer service team and marketing or public relations personnel.

Whether ancillary teams have individuals formally identified as part of the CSIRT — or whether the CSIRT is tasked with providing supporting service to those teams — will depend on enterprise-specific requirements. It is important to note that many of these elements will also be considered during the development of business continuity plans, and possibly IT disaster recovery plans, as well, and the CSIRT’s role should be consistent with these plans.



Order a unique copy of this paper
(550 words)

Approximate price: $22

Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

We value our customers and so we ensure that what we do is 100% original..
With us you are guaranteed of quality work done by our qualified experts.Your information and everything that you do with us is kept completely confidential.

Money-back guarantee

At homeworkcheg.com, You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

The Product ordered is guaranteed to be original. Orders are checked by the most advanced anti-plagiarism software in the market to assure that the Product is 100% original. The Company has a zero tolerance policy for plagiarism.

Read more

Free-revision policy

The Free Revision policy is a courtesy service that the Company provides to help ensure Customer’s total satisfaction with the completed Order. To receive free revision the Company requires that the Customer provide the request within fourteen (14) days from the first completion date and within a period of thirty (30) days for dissertations.

Read more

Privacy policy

The Company is committed to protect the privacy of the Customer and it will never resell or share any of Customer’s personal information, including credit card data, with any third party. All the online transactions are processed through the secure and reliable online payment systems.

Read more

Fair-cooperation guarantee

By placing an order with at HomeworkCheg, you agree to the service we provide. We will endear to do all that it takes to deliver a comprehensive paper as per your requirements. We also count on your cooperation to ensure that we deliver on this mandate.

Read more

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
The price is based on these factors:
Academic level
Number of pages