It Risk Management Primary Elements of a Cirt

Question :

Describe the purpose and primary elements of a CIRT plan.

Answer :

The primary purpose of a CIRT plan is to ensure that an organization is prepared for incidents and can successfully mitigate the possible damages from those incidents. It covers the policy statements that are associated with the incidents such as whether CIRT members are expected to revert to the attack. There are six elements of a CIRT plan (McCarthy et al, 2012). They are preparation, identification, containment, eradication, recovery, and post-mortem review. Preparation is related to the identification of tools and devices required to respond to the incident. Identification step is concerned with classifying and documenting the incident after it is identified. Containment step is concerned with limiting the magnitude of the incident. Eradication step focuses on removal of incident. Recovery step brings back the affected assets. Post-Mortem review includes full report on the incident including recommendations related to actions that can be taken if such incident takes place again in the future.

There is no doubt that computer security incidents are a form of risk that impacts the progress of the organization. And in every risk management plan, there is a description of risk and their mitigation plan (Caldwell, 2012). CIRT plan is the mitigation for those incidents. Now, in this CIRT plan, there can be two kinds of challenges. First can be regarding the known risks for which organization may already have well defined plan for mitigation. And there can be those risks that are new and may require thorough CIRT plan implementation to avoid future such challenges.

Disaster recovery plan calls for involvement of tools, policies, and processes that enables the recovery and continuity of key technological infrastructures after occurrence of disaster led by human or nature. In a way it can be said that CIRT plan is closely associated with BCP and DRP. Therefore, considering it as a separate aspect within an organization may not bring enough usefulness. The methodology adopted to resolve issues in CIRT plan can use the key aspects of BCP and DRP to ensure that the organization not only covers all key aspects, it will also help it in not provisioning separate resource.

CIRT plan not only allows to handle the incident that occurs in the present, but it also provides recommendations and paves way to handle similar issues in the future. The company can use this aspect to ensure that when similar occurs in the future, then instead of redoing everything from scratch, the company can directly take actions that are pre-planned. This will not only consume lesser resource in combating the challenge, organization can act faster. 

The future is changing faster than one can imagine, particularly riding on the latest developments in faster communication devices, growth towards artificial intelligence, increase in community sharing of malicious programs, and increased number of players with malicious intents, it is possible that what worked today in handling the threat may not work tomorrow. Therefore, the best way is to ensure that the company constantly keeps any eye on the latest development in the field related to the threat and keep updating its CIRT plan (Luttgens et al, 2014). The problem will start occurring when the company stops probing, learning, and improving. It if regularly updates its plan, only then it can fight back with efficiency. It will also help it in taking all the necessary precautionary measures in time and preventing the threat from occurring. Preventing can be considered as the best way to save time and resource of the organization rather than handling things after the attack.