I need your help with establishing the CERT/CSIRT.
I am in the phase of planning the CERT process and team. I would appreciate it if you could help me with the following questions:
1. What scope should the CERT have? Ideally it should address incidents related to information security, i.e. confidentiality/integrity/availability, but what will be the role of the CERT in case of a physical security breach or theft of critical hardware?
2. Should the CSIRT also come into action in case of any IT security policy violation, for example pornography? Although it does not hit the three pillars of IT security (CIA), it is against company policy, so who is going to take care of such policy violations?
3. How can I define and categorize incident levels? Should I do it at a high level, for example DoS attack, hacking, virus and malicious program, and unauthorized access to information, or should I be more specific and define each incident in detail?