CIRT - Planning
Essay by leyen • November 6, 2013 • Essay • 202 Words (1 Pages) • 1,639 Views
1) The CIRT plan helps an organization prepare for incidents. Additionally, individuals on the team know their roles and responsibilities. Once the plan and the members are identified, the organization has a better understanding of the skills needed. The members can be trained to ensure they have the skills needed to support the requirements. Without the plan, IT and security professionals don't have the benefit of time to analyze their response.
2) The three phases of a computer forensic investigation are:
a) acquisition of evidence - getting all the evidence together to be used in the investigation
b) authentication of recorded evidence - making sure the evidence gathered is correct
c) analysis of evidence - the results of the findings
3) You learn from the incident; it becomes a lesson learned.
4) The three models of NIST SP 800-61:
a) Central Incident Response Team - this team handles incidents throughout the organization. This model is effective for small organizations.
b) Distributed Incident Response Team - the organization has multiple incident response teams, each responsible for handling incidents for a particular logical or physical segment of the organization. This model is effective for large organizations.
c) Coordinating Team - an incident response team provides guidance and advice to other teams without having authority over those teams. This model can also be called a CSIRT.
...
...