Exploring CSIRT teams and their responsibilities
While security professionals are always fighting the battle against threat actors, there are some cyber-attacks and threats that bypass threat detection sensors and security controls on a network. When such security incidents occur, it's important the security engineer or professional reacts quickly to isolate the threat before it can spread and infect other systems within the organization. Many organizations create a special team of security professionals known as a Computer Security IR Team (CSIRT), which is usually internal to the organization.
A CSIRT is responsible for IR within the entire organization, as well as implementing security controls and countermeasures to prevent future cyber-attacks. They are also responsible for the continuous security testing of the organization's security posture, such as performing vulnerability scanning and assessments, and penetration testing to discover any hidden security weaknesses...
