The face of the Internet has changed drastically in recent years from a research network to an online transaction clearing house accessible to nearly every home in America. This transformation and accessibility have given birth to a variety of conveniences as well as a new medium for malicious hackers to try out their techniques. The latter point is the one that many IT organizations are focused on defeating. The amount of malicious code available on the Internet, and the relative ease with which one can access it and the systems connected to it, has created a distributed model for exploitation of dizzying proportions. Dedicated corporate information security teams and a methodical process for dealing with events are one way to thwart the efforts of these evildoers. The purpose of this case study is to show the efforts, successes and failures recently experienced by a company new to adopting a security posture. It is my goal to provide you with an understanding of what you might face in conceiving and delivering a similar infrastructure in your environment. The study centers on the creation, implementation and utilization of a Company Security Action Team (CSAT) and their direct experience with an event that called their Computer Incident Response Team (CIRT) into action.