CIRTs, or Computer Incident Response Teams, are teams formed specifically to minimize and control the impact of a security breach or other emergency (Brussin, Cobb, & Miora, 2003). They are also known as CERTs (Computer Emergency Response Teams) and CSIRTs (Computer Security Incident Response Teams), but all of them attempt to do essentially the same thing in the event of a computer security threat.
This question can only be truly answered by predicting the trends in intrusion and the level of threats expected. Usually, the answer to the above question is yes, since an organization would rather be safe than sorry! With the increasing number of viruses, spyware and backdoors being detected in systems, having a CIRT is a must for any organization that keeps informational data on its computers.
Before assigning the team and its tasks, management needs to make a proper business plan for handling an incident. The plan includes all the details about the CIRT and all the information that the CIRT needs to know. Furthermore, for the plan to be successful, the strategy must be feasible, approved and legally reviewed. "It is critical that practice emergencies are staged and response times measured. This would require financial and executive/upper management support and commitment to the CIRT need" (RHE, 2004).
Policies regarding the computer system must be in place beforehand. A breach usually occurs when a policy is not obeyed, so it is imperative to have policies in place so that the root cause of a problem can be found. These policies need to be documented and provided to every member of the organization so that everyone is aware of the security guidelines and the procedures for emergency situations (Lucas & Moeller, 2003).
4.2 Human Resource
An emergency is never planned, so the people in the CIRT must accept the responsibility of responding to an emergency at any hour. When selecting the people who will be assigned responsibility for computer security, only trustworthy people should be chosen. The people on the team must have a desire to rescue their company from danger. "The technical expertise is of no use if a person who is supposed to do his job, ignores the emergency signal. Also sometimes due to time or financial constraints, the human resource includes logistics such as location and availability of technical workers" (RHE, 2004).
CIRTs usually include system and network administrators as well as information security experts. "System administrators provide the knowledge and expertise of system resources, including data backups, backup hardware available for use, and more. Network administrators provide their knowledge of network protocols and the ability to re-route network traffic dynamically. Information security personnel are useful for thoroughly tracking and tracing security issues as well as performing a post-mortem (after the attack) analysis of compromised systems" (RHE, 2004).
To ensure sufficient staffing, additional personnel should be kept as backup in case a member does not show up. Although this option may not always be feasible, an organization should at least try to cross-train its workers so that they can fill in if someone is absent in the hour of need. (RHE,