CSIRT involves detection, alert, triage, response (containment and eradication), recovery and follow-up. CSIRT aims to prevent or resume system and business operations as soon as possible while preserving the incidents forensics information for further analysis and security process enhancements. Roles and responsibilities are identified, and escalation procedures are defined to provide an orderly approach to incident response. The interviews with your staff cover critical systems, their defined boundaries, and the risks associated with these systems including critical business functions.”]
Source: https://www.csoonline.com/article/2136344/it–146-s-just-that-simple-amos-.html