Have you ever wondered who handles cybersecurity incidents in the Government? Look no further than the Government IT Security Incident Response (GITSIR) team. Established in 1997, GITSIR enables the Government to provide a swift response to cybersecurity incidents. Here’s a quick look at what the team does:
GITSIR proactively publishes alerts, advisories and directives on security vulnerabilities and threats, and highlights cybersecurity best practices to address the latest and upcoming cyber threats.
However, incidents may still occur from time to time. Agency users or IT teams that detect unusual activities or suspected malware must report their observations to GITSIR. Each Agency has appointed its own team of Security Incident Response Managers and Officers (SIRMs/SIROs). They work together with the Chief Information Security Officers (CISOs) and GITSIR to take the necessary steps when faced with possible cybersecurity threats.
GITSIR uses the Incident Management process to identify the incident’s root cause and provide recommendations to agencies, which will then contain, recover and strengthen themselves against future attacks. GITSIR helps to triage each report to ascertain the severity of each case, coordinate with the parties involved and advise affected agencies on appropriate actions. It also carries out forensic and malware analysis and helps the Government prevent future attacks.