ABSTRACT
The organizations similar to Computer Emergency Response Teamsprang up all over the world, and companies began creating their own computer security incident response (CSIR) teams. A strong CSIR team actually can become a security task force for the organization, performing audits, leading community education, helping design secure network architectures, and so forth. The priorities of the staff are primarily focused on maintaining basic support and operation of the often–vast amount of computing equipment in place. Some organizations have system and network administrators who are either interested or trained in computer security. These individuals are better prepared to address security within their domain of authority — such as the machines in one department or operating unit, or the equipment on a given network segment. The most important and often the most difficult challenge is convincing management of the business need for an effective and empowered CSIR team as part of an overall risk–management approach.
