Understand CSIRT process and be able coordinate and respond to CERT

Understand CSIRT process and be able coordinate and respond to CERT

CSIRT – Computer Security Incident Response Team
CSIRT – “One particular organizational entity that may be established to help coordinate and manage the incident management process in an organization is a computer security incident response team” (us-cert.gov)
The team’s mission is to focus on minimizing damage, and recovering quickly. Responsibility: Collects and analyzes all evidence, determines root cause, directs the other security analysts, and implements rapid system and service recovery
CSIRT incident handling activities include:
• determining the impact, scope, and nature of the event or incident
• understanding the technical cause of the event or incident
• identifying what else may have happened or other potential threats resulting from the event or incident
• researching and recommending solutions and workarounds
• coordinating and supporting the implementation of the response strategies with other parts of the enterprise or constituency,1 (Links to an external site.) including IT groups and specialists, physical security groups, information security officers (ISOs), business managers, executive managers, public relations, human resources, and legal counsel
• disseminating information on current risks, threats, attacks, exploits, and corresponding mitigation strategies through alerts, advisories, Web pages, and other technical publications
• coordinating and collaborating with external parties such as vendors, ISPs, other security groups and CSIRTs, and law enforcement
• maintaining a repository of incident and vulnerability data and activity related to the constituency that can be used for correlation, trending, and developing lessons learned to improve the security posture and incident management processes of an organization
For your assignment, you work in the information security department of a hospital. You are responsible for all CERTs that are reported at the national level that impact the hospital’s systems/infrastructure.
You will be responding to this vulnerability listed below. :
https://www.kb.cert.org/vuls/id/119704/ (Links to an external site.)
Microsoft Windows Task Scheduler SetJobFileSecurityByName privilege escalation vulnerability
Following the guidelines in the syllabus, document who, what, and how the CSIRT will respond to this CERT. You can approach this as a bullet point format with steps/roles or in research paper form all in APA format. I want to be able to see that you understand the different facets of incident response.
Main focus: Understand CSIRT process and be able coordinate and respond to CERT.
• Short paper on topic (4-5 pgs)*

Solution Preview

Computer Security
Computer security incident response team is an entity within an organization and is tasked with roles and responsibilities of supporting and coordinating response to computer security events or incidents (“CSIRT, Computer Security Incident Response Team”, 2019). The team members involved in response to these incidents are information security manager who is the leader of CSIRT, chief of transportation technology, the inspector general and CRIST incident manager.

(1,137 words)