Discuss the technical skills required to have a CSIRT response team consisting of

employees with other job duties (i.e., not a full-time CSIRT job category)? Why or why

not? What factors will influence their decision?

A Computer Security Incident Response Team (CSIRT) is type of organization which work to

identify security breaches and analyze security reports. It is established with group of members.

There are various types of CSIRT, in which internal CSIRT is one of them which is assembled as

a part of some parent organization which can be government, a corporation, a university or

research network. National CSIRT lookup for country level security factors. There are various

benefits of having these types of teams, since IT security plans include information for protection

from various strategies which can be natural and man-made. Other factors include in this plans

are failure analysis and risk management. Creating some structured team that have technical

skills will lead to knowledge sharing between those members which are from non-technical

terms. Customers relying on any organization can be assured that their information is not only

stored they are being protected by methods that individual one is daily suffering from. Working

as CSIRT as part time can lead various technical knowledge in any individual and also help them

financially. Taking in other category member as CSIRT helps other members of CSIRT(working

full time) to get to know what situation or what criteria can arise while dealing with personal

security issue. There are various skills needed to be a CSIRT in which some of them are having

technical knowledge, communication and some administrative knowledge. Above all these skill

each CSIRT must have basic knowledge of incident handling service. This skill will help in

decision making problems which include knowledge of tools for risk management in

organization for discovering weak points and also helps in understanding attack factors like

flaws, malicious contents, access control problems and physical security requirements. For quick
and responsive decision control all members need to be well known with network technologies,

their applications in real life, protocols for communication and security issues. There are various

factors that will influence decision capability of CSIRT are lacking of knowledge in networks

and communication skills, listening skills , ego , problem solving tactics, ability to cope with

stress, etc. These skills will directly affect the decision taking capability so these factors must be

clearly covered with the skill enhancement classes that should be provided by seniors to new

comers for security and various enhancements.

References

 http://www.csirt.org/

 What is Computer Security Incident Response Team (CSIRT) ? - Definition from

WhatIs.com. (n.d.). Retrieved November 18, 2018, from

https://whatis.techtarget.com/definition/Computer-Security-Incident-Response-Team-CSIRT

 Rapid7. (2018, January 11). What is the Difference Between a SOC and a CSIRT? Retrieved

November 18, 2018, from https://blog.rapid7.com/2017/04/19/difference-between-a-soc-and-

a-csirt/