Pro-activity is always better than re-activity especially when it comes to IT security. Being reactive, (taking action after an incidence happens) is more costly than being pro-active (taking measures before incidences happen), therefore incidence response should attract greater interest during policy making and management strategies. Clearly there are direct advantages of being proactive as well as long-term indirect financial merits. This paper aims at providing a plan, a recommended process and procedures, which can be used while responding to incidences in Information Technology departments. For a successful response to Information Technology incidences including theft of laptops.. (Butterfield, Ngondi & Kerr, 2016).

However, it is practically impossible to prevent all incidences of security. To minimize the occurrence and impact of security incidences administrators should well establish, enforce and reinforce all security processes and procedures.  Also they should ensure support of the management for better handling of security policies and handling of incidents. There must be routine checks on systems for vulnerabilities with well established security training programs for staffs and also for end users. Authentication, back-ups, and restore procedures should be put in place. The creation of Security Incident Response Team, CSIRT, for response on security issues is paramount too (Knowledge, 2015).

The CSIRT is the pivotal point in dealing with systems security. It consists of a team that is responsible for dealing with security incidents. The CSIRT team ensures that there are no system breaches, acts as the centre of communication, catalogues and documents all the security incidents, promotes awareness on security, discovers any new vulnerabilities, offers consulting services on security, analyzes and develops new measures and technologies to curb any security incidences proactively, and carries out research on new security measures. The CSIRT needs lots of preparation through proper training on use of security tools, ensuring that all contact and communication information is available, and placing all emergency information on systems centrally in an offline location accordingly (Butterfield, Ngondi & Kerr, 2016).

The CSIRT team has different roles and key members including the team leader who is in charge of coordinating all the team activities.  The incident leader includes an individual who is responsible for a certain security incident and for the coordination of a response towards that incidence. The CSIRT associate members handle and respond to specific incidents and come from a variety of developments. They may include legal representatives, public relation officers, IT contact professionals, and the management (Knowledge, 2015).

Though the CSIRT team is responsible for the response, the IT fraternity in the company must  be made aware with the end users encouraged to report any type of theft or suspicious incident.