Forming the CSIRT

What are the top two considerations that should be addressed when forming the CSIRT in terms of skills, abilities, procedures, training, deployment, etc.?
One top consideration to address when forming the CSIRT is the CSIRT structure and team model. The size, organization, and scope of the CSIRT will vary from organization to organization. This is all based on money and resources. Smaller organizations may have to use the staff they already have to form the CSIRT, while larger organizations may have distributed CSIRTs and can designate outside resources or separate resources for the CSIRT. Along with this, it is important to determine the scope of the CSIRT. Every CSIRT is different, so I think it is important to address exactly what is needed and expected for the CSIRT before it determines what type and how many people are needed to carry out the mission. Another top consideration to address is the required skills and training that the CSIRT will need from the staff in order to meet its mission. If the CSIRT needs a certain level of abilities and skills, it must determine how it will obtain and maintain these skills and abilities over time. This means either training existing staff members or bringing in experienced staff members, but all will require continuous training.
What is the most critical flaw or failure when it comes to CSIRT organization and preparation? Here are ways I suggest management can avoid this pitfall altogether.
I am not sure of how big of a flaw or failure it may be, but I think the CSIRT could run into some problems if it does not exercise its plans and procedures in real time. Because it is an immediate response team, the team members must be able to jump into their roles quickly and smoothly. Since small and medium-sized organizations may use their existing staff for the CSIRT team and the personnel may have other jobs, it seems as if it will be difficult to designate time for these individuals to practice their roles to make sure that when they do need to respond, they are in sync. I imagine the best way to avoid this pitfall is to make sure that the teams are exercising the procedures constantly, even if they have other jobs within the organization.