In the event of a computer security incident, the Computer Security Incident Response Team (CSIRT) will respond. If possible, two or more CSIRT members should take part in handling a security incident. From ticket opening to ticket closing, a timeline and strict documentation should be kept, detailing events as necessary.
The goals of CSIRT are as follows:
- Detecting Sensitive Data Exposure
- Detecting the Vulnerability that Allowed the Incident to Occur
- Remediation and Prevention
Whenever a piece of equipment comes into the custody of the CSIRT, a chain-of-custody form will need to be filled out and maintained.