Discuss ways organizations have built a CSIRT.

What are the components to building an

effective and successful CSIRT team? 

In many organizations, a computer security incident response team (CSIRT) has become essential

to deal with the growing number and increasing sophistication of cyber threats. Unlike a security
operations center (SOC) a dedicated group with the tools to defend networks, servers, and other IT
infrastructure a CSIRT is a cross-functional team that bands together to respond to security
incidents. Some members may be full-time, while others are only called in as needed.

One of building an effective CSIRT is training your entire to understand the value of complementary
skills and roles. This helps organization about its serious, cross-functional nature. Every team
member requires eliminating friction between, for example, technical members in the SOC and
nontechnical CSIRT members (Wiik, Gonzalez & Kossakowski, 2006).

Recruit an effective advocate or executive sponsor is also very essential when building an effective
CSIRT. This should be a staff member at the level of a CISO or executive staff member who can
effectively communicate the impact of an incident to other executives, as well as to board members.
This person is also responsible for ensuring that the incident response team receives appropriate
attention, a workable budget, and retains the authority to act swiftly during crisis.

In addition, Creating a deep bench based on realistic IT budgets is another key practice in coming
up with appropriate CSIRT. Since security incidents can occur at any time, you will need to have
CSIRT staff geographically dispersed to ensure someone will be available throughout meaning
availability within 24 hours. Therefore, having an effective CSIRT in a company is very essential.

Reference:

Wiik, J., Gonzalez, J. J., & Kossakowski, K. P. (2006). Effectiveness of Proactive CSIRT Services.
In IMF (pp. 67-81).