Incident Handling can be an integral part of an Information Security System; an incident handling system can allow an organization to gain greater awareness and control over the various components of their IT infrastructure.
Formation of Computer Security Incident Response Team (CSIRT)
An organization’s CSIRT will typically be deployed at its headquarters; it will be responsible for handling and analyzing all computer security incidents, such as:
- Tracing of threatening/malicious mails
- Attacks on machines (hacking incidents)
- Ingress of Malware
The CSIRT will have an in-house incident management centre which will house the various hardware and software required for incident handling. It will also serve as a liaison between the organization and CERT-In, and will forward them any incidents that the CSIRT is unable to handle on its own