What Does Computer Incident Response Team Mean?
A computer incident response team (CIRT) is a group that handles events involving computer security breaches. Although most organizations have measures in place to prevent security problems, such events may still occur unexpectedly and must be handled efficiently by CIRT experts, which include team members from specified departments and specialties.
Techopedia Explains Computer Incident Response Team
A CIRT focuses on the incident to ensure that damage does not escalate and that the organization continues beyond the event. Members of the CIRT generally include the following:
- A member of the management team to provide leadership and decision-making authority
- A member of the information systems security (INFOSEC) team with the experience to contain the event, discover its origin and implement a computer system recovery protocol
- IT staff who are aware of which information system and network areas are affected and whether certain areas should be off-limits
- An IT auditor to ensure that all procedures are handled appropriately and that any outdated procedures are noted. IT auditors are most useful after the event and are tasked with learning why the incident occurred and discovering preventative future strategies.
- A staff member responsible for physical security to assist with determining the extent of physical damage
- An attorney to supply legal advice
- A human resources representative to offer expertise on handling issues involving employees and post-incident procedure methods
- A public relations specialist to properly convey company details after an incident
- A financial auditor to assess incurred damage for insurance purposes