Computer Incident Response Team (CIRT)

A CIRT focuses on the incident to ensure that damage does not escalate and that the organization continues beyond the event. Members of the CIRT generally include the following:

• A member of the management team to provide leadership and decision-making authority
• A member of the information systems security (INFOSEC) team with the experience to contain the event, discover its origin and implement a computer system recovery protocol
• IT staff who are aware of which information system and network areas are affected and whether certain areas should be off-limits
• An IT auditor to ensure that all procedures are handled appropriately and that any outdated procedures are noted. IT auditors are most useful after the event and are tasked with learning why the incident occurred and discovering preventative future strategies.
• A staff member responsible for physical security to assist with determining the extent of physical damage
• An attorney to supply legal advice
• A human resources representative to offer expertise on handling issues involving employees and post-incident procedure methods
• A public relations specialist to properly convey company details after an incident
• A financial auditor to assess incurred damage for insurance purposes