The computer security incident response team (CSIRT) of an organization disseminates detailed
descriptions of recent threats. An IS auditor’s GREATEST concern should be that the users might:
use this information to launch attacks.
forward the security alert.
implement individual solutions.
fail to understand the threat.
An organization’s computer security incident response team (CSIRT) should disseminate recent
threats, security guidelines and security updates to the users to assist them in understanding the
security risk of errors and omissions. However, this introduces the risk that the users may use this
information to launch attacks, directly or indirectly. An IS auditor should ensure that the CSIRT is
actively involved with users to assist them in mitigating risks arising from security failures and to
prevent additional security incidents resulting from the same threat. Forwarding the security alert
is not harmful to the organization, implementing individual solutions is unlikely, and users failing to
understand the threat would not be a serious concern.