What a CSIRT does
A CSIRT’s primary function is to manage cybersecurity incidents effectively. This involves identifying potential threats, analysing their impact, containing the damage, restoring affected systems, and learning from the experience to prevent recurrence. A typical CSIRT comprises specialists in several roles, including incident lead, communications, digital forensics, legal counsel, and executive representation. The ACSC, formerly AusCERT, provides a national CSIRT function, offering guidance and coordination during significant cyber incidents. Australian organisations often interact with the ACSC for incident reporting and support.
CSIRT in Australian tenants today
For Australian mid-market organisations, building a fully staffed internal CSIRT can be resource-intensive. A common alternative is to engage an external DFIR (Digital Forensics and Incident Response) firm under a retainer agreement. Regardless of the approach, a documented playbook is essential. This playbook should detail the steps for engaging the ACSC, the OAIC (under the Privacy Act 2024), ASIC (for financial services organisations), and APRA (under CPS 234/230) where data breaches impact financial stability. Understanding the Notifiable Data Breach scheme requirements is also crucial.