Are you Ready?

Disclaimer: The views and opinions expressed in this blog are those of the author(s) and may not reflect the official policy or position of Excelsior College. Excelsior makes no claim regarding the suitability of the content for all audiences.

A key component of any Computer Security Incident Response Team (CSIRT) is full support from upper management. This support includes buying into the need for an organization-wide CSIRT, granting the required authority for the team to conduct its activities, and, most importantly, providing the necessary funding.

Funding is needed not just for everyday CSIRT activities, such as help desk staffing and forensic hardware and software, but also for the unexpected events that the CSIRT may encounter. Imagine a scenario in which a business has been attacked from within by an employee. In order to build a good case against the employee, it may be necessary to locate and image every computer the employee may have touched directly or indirectly. The expense associated with storing the gigabytes of data from the imaged computers and performing forensics on them may be significant. Where will the money come from? Will the IT department have to ransack its budget in order to find the required funds?

Yes, we hope that events such as these never happen. But they sometimes do, and it is worthwhile to consider solutions to these problems before they occur, not during an incident.