Concepts of Operation : CIRT

Title : Incident Recovery Capabilities

Student Name

Student Number

Tutor 's Name

8 July 2008

CIRT has to follow certain procedures in ensuring that they contain the incident . They have to follow various protocols and policies to prevent any misunderstanding between the associated departments . This takes place until the incident is either contained or canceled which leads to the closure of the incident

Before deciding whether the incident should be closed , the top management is supposed to be updated and given the reason why the incident should be closed

. In addition , the team should clearly have checked the issue completely and the team as a team conclusively decided on the remediation of such issues

Each team member who is in the CIRT is supposed to accept whether the incident has been contained or not . Moreover , the affected departments team representatives should ensure that the team members should not use the opportunity in doing their private or snooping on the information from such department . This means that there should be a level of privacy and confidentiality in responding to the incident (Dwight 1999 , pp . 96 - 100

When the right steps are taken in managing any incident , each step requires documentation and reports that they are used to update the management until the incident is closed . This is common to all incidents . Sometimes the issue may have been a proxy or a misunderstanding , which led to cancellation . Cancellation of an incident may be seen when the incident is out of hand and a new incentive should be developed

Closure of incident analyzes whether the original intention of the team was accomplished . Before they were called , there was what triggered their presence such a thing like a virus or intrusion - hackers . At the end of the response , the team should be able to check the nature of incident and the required solution derived (James 2006 , pp . 66 - 70

According to what is stipulated in the policies and procedures , a question is asked whether they followed the right steps in ensuring that response was what was required . There may be various shortcomings that they came across which should be avoided in the future if possible are also analyzed (John 2000 , pp . 23 - 45

The report that is written should clearly state the cause of incident and what measures were taken in solving the issue . The report should clearly state systematically the procedures that were followed , and who was involved and why they were involved . In doing so there will be transparency , and if any issue may arise , some of the team members will be held responsible . It should also contain the measures that were taken to prevent future occurrence of the same issue . An example may be due to a virus , hence the use and introducing a specific antivirus will solve the issue for future of such occurrence

When the team is working on an incident , the right procedures and policies that were put in place should be followed . This will make it easy in...