By John Moore:

"Government technology departments work in a tough neighborhood. Network intruders, unsavory gangs of malware hacks and criminally manipulative social-engineering schemers lurk everywhere, waiting to strike with heartless, ill intent. Sometimes, despite their best efforts, the good guys don’t win.

When that happens, some agencies summon a specialized security unit into action.

That group, the computer incident response team (CIRT) or computer security incident response team (CSIRT), is a rapid deployment force for addressing security breaches. The Federal Information Security Management Act calls for agencies to develop “procedures for detecting, reporting and responding to security incidents.” Response teams can help fulfill that mandate.

Those teams’ purpose is to shut down or contain incidents, minimize organizational disruption and data loss, and avoid damage to reputation. But to realize those potential benefits, agencies must avoid some common team-building pitfalls: insufficiently documented procedures, communication gaps and poor preparation.

Here are some steps that agency executives can take to create a response team from scratch or re-evaluate an existing one to ensure that it remains focused and on track."
