In the event of a computer security incident, the Computer Security Incident Response Team (CSIRT) will respond. If possible, two or more CSIRT members should be participating in a security incident. From the ticket opening to the ticket closing, a timeline and strict documentation should be kept, detailing events as necessary.

The goals of CSIRT are as follows:

  • Detecting Sensitive Data Exposure
  • Detecting Vulnerability that Allowed Incident to Occur
  • Remediation and Prevention

At any time, if a piece of equipment comes under the custody of the CSIRT, a chain of custody form will need to be filled out and maintained.