ABSTRACT

Incidents could include anything from a natural disaster to a successful attack and compromise of a customer database. A requirement for any robust security solution is therefore the ability to detect incidents occurring on the network and respond to them in real time. An intrusion detection system monitors events occurring on the network and analyzes them in real time to determine whether intrusions are occurring. Whether a committee is involved with company-wide events planning, safety, or computer incident response, a standard operating procedure manual should exist to guide its meetings and training sessions. The primary function of a computer security incident response team (CSIRT) is responding to computer-related incidents. A CSIRT should provide an organization with the following services: computer incident response, post-mortem investigations, law enforcement liaison, CSIRT manual, event preparedness, recommendations for improvements, training, documentation, and technical analysis.