CIRT – Planning
The CIRT plan helps an organization prepare for incidents. Additionally, individuals on the team know their roles and responsibilities. Once the plan and the members are identified, the organization has a better understanding of the skills needed. The members can be trained to ensure they have the skills needed to support the requirements. Without the plan, IT and security professionals don't have the benefit of time to analyze their response.
The three phases of a computer forensic investigation are:
Acquisition of evidence – getting all the evidence together to be used in the investigation
Authentication of recorded evidence – making sure the evidence gathered is correct
Analysis of evidence – the results of the findings
You learn from the incident; it becomes a lesson learned.
The three models of NIST SP 800-61:
Central Incident Response Team – This team handles incidents throughout the organization. This model is effective for small organizations.
Distributed Incident Response Team – The organization has multiple incident response teams, each responsible for handling incidents for a particular logical or physical segment of the organization. This model is effective for large organizations.
Coordinating Team – An incident response team provides guidance and advice to other teams without having authority over those teams. This model can also be called a CSIRT.