General Incident-Handling Principles

Six general principles apply when handling all types of incidents; they are covered in the following sections.

Identify the CIRT Team

Every organization dependent upon computers should establish a Computer Incident Response Team (CIRT). This team possesses the training, knowledge, and authority to properly react to computer security incidents as they occur. The senior technical official in an organization (for example, CIO, CTO, IT Director) normally serves as the team leader. The remainder of the team is composed of technical experts and representatives of other organization divisions, as appropriate.

Declare an Incident

One of the most important functions of the team is to lay down policies ...
