Incidence Response Team
A computer incident response team is a group of well-trained people carefully selected given the role of handling an incident correctly and promptly so that it can be contained in the least amount of time possible. The members of the team usually come from within an organization. Those who can be on the team must be the people who can delegate their duties or drop what they are doing and have the authority to take action and make decisions.
Who belongs to the Incidence Response Team?
The composition of the incidence response team and what they do largely depends on a company’s needs and resources. The list of possible members and their roles are as follows:
Management
A member of the upper management level should be on the team. This member will be responsible for making the big decisions.
Additionally, the management needs to be on the team to support it, without which, the team will not be an effective resource. Management should be involved in the whole security process including selecting a team, handling responses, developing a policy, and evaluating security. The role of management, other than giving the team the operation authority is to make the major decisions on the basis of other members’ input.
Information Security
These are the members of information security trained in handling electronic incidents. They are important members of the team because of their ability to handle a range of incidences and are able to provide options to the management and the implications of the options. Their role in the team includes assessing the extent of the damage, recovery, and containment.
Security
These are the people responsible for the physical safety of the company. In case the organization faces an incident that contacts the systems directly, the security personnel are the ones who can assist. Their role in the team includes assessing any physical damages, investigating physical evidence, and protecting the evidence during an investigation by the forensics team.
Attorney
A company attorney is a useful person in the team who supplies the incident response team with legal advice. Their role is to ensure that any evidence collected during an investigation is admissible in a court of law. The attorney is also responsible for advising the team on the issues of liabilities in the case that the incident affects other customers, the general public, or the vendors.
Human Resource
Most incidents usually involve the employees of the company. The role of Human Resources is to give advice on the best ways of handling situations that involve employees. More often than not the HR will not be called upon to help when an incident has occurred until when the investigations begin. They will only be called upon if an employee is found to be a part of the incident.
Financial Auditor
When an incident occurs, it is usually hard to put a monetary figure on the damage that has resulted. Insurance companies frequently require this monetary value. In the case, that a company chooses to press charges against the perpetrators, an accurate figure will be needed. The role of the financial auditor is, therefore, to place a monetary value on the extent of damage from the incident.
An organization may choose to include members from outside the company such as technical specialists, law enforcement, and vendors.
References
Borodkin, M. (2001). Computer Incidence Response Team. Incidence Handling. Retrieved from https://www.sans.org/reading-room/whitepapers/incident/computer-incident-response-team-641
ORDER A PLAGIARISM-FREE PAPER HERE
We’ll write everything from scratch
Question
What is an incident response team?
Describe the team in detail.
What individuals make up the team?
What are their roles in an organization and in the team?
What skill set should the individuals have, and why?