{"id":24,"date":"2003-11-11T00:00:00","date_gmt":"2003-11-11T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2003\/11\/11\/security-cirts-must-be-a-certainty\/"},"modified":"2021-12-30T11:36:19","modified_gmt":"2021-12-30T11:36:19","slug":"security-cirts-must-be-a-certainty","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2003\/11\/11\/security-cirts-must-be-a-certainty\/","title":{"rendered":"Security CIRTs must be a certainty"},"content":{"rendered":"<p>Companies need computer incident response teams (CIRTs) to fend off invading viruses and worms.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Others that are not obligated to have them may question whether they need a formal CIRT.  Those companies believe there is in-house expertise to sort out incidents, but they should ask themselves whether there is a system to alert the necessary people when an incident occurs.<\/p>\n<p>The first job for a CIRT is to assess the scope of damage and figure out how to lessen it, not necessarily gather evidence.  The optimal CIRT would consist of core members from IT auditing, information security and corporate security, in addition to the legal department.  Each group brings a different skill set to the team.  &#8220;If someone questions the CIRT team&#8217;s response, then the auditor will make sure the report is auditable,&#8221; Poulios said.  
As such, they should probably handle the evidence gathering so the chain of custody is preserved.<\/p>\n<p>More info: http:\/\/searchsecurity.techtarget.com\/originalContent\/0,289142,sid14_gci935950,00.html<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-24","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/24","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=24"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/24\/revisions"}],"predecessor-version":[{"id":2511,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/24\/revisions\/2511"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=24"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=24"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=24"}],"curies":[{"name":"wp","href":"https:\/\/api.w
.org\/{rel}","templated":true}]}}