Building Your Incident Response Team
In order for an organization to properly respond to a breach or incident, they need to have a proper incident response team. These are the people who are responsible for analyzing security breaches, as well as taking all necessary measures to respond to it. At its very core, the incident response team needs to be comprised of:
Incident Response Manager
This is the person who oversees everything for the team and prioritizes activities during the detection, analysis, and containment of a security breach. They also have the responsibility of conveying any special requirements to the rest of the company when it comes to highly sensitive incidents.
The manager of the incident response team is then supported by a team of security analysts who work directly on the affected network in order to research the location, time, and any other details related to the incident. Generally, there are two types of security analysts within an incident response team:
They are in charge in recovering key artifacts and maintaining the integrity of any and all evidence found for a sound investigation.
They monitor any intrusion and filter out false alarms or false positives.
The threat researcher complements the role of security analyst in providing threat intelligence, along with context about the incident. They continue to do research all over the internet and other sources to stay updated about external threats. Using this information along with the company’s records, they can create and maintain a proper database of threat intelligence to use as a defense.
Implement Cross-Functional Support
The incident response team should not be the only people responsible for reacting and dealing with security breaches, threats, and other incidents. Each person who is part of the business should understand and be advocates for incident responses. This ensures that proper procedures run smoothly during an emergency and help the task of the incident response team to manage the situation.
Every area of the business should have responsibilities in case of an attack, and this includes:
The buy-in of top management is crucial to the incident response team, since they provide the funding and resources to acquire the staff and tools needed for incident responses and execution.
Human Resource Department
They play a huge role with the incident response team if it is discovered that an employee is involved with an incident.
An attorney is required so they can help maintain the integrity of any forensic evidence recovered by the incident response team, which is useful if the company decides to take legal action. They can also advise on matters pertaining to liabilities that affect customers, clients, vendors, or the general public.
Risk Management Specialists and Auditors
They help develop the threat matrix and vulnerability assessments, along with encouraging best practices within the organization.
They communicate an accurate account of any incident to the leaders of the company, along with the shareholders, stakeholders, and the press, if necessary.
Team Communication Is Crucial
When communicating during an incident, this should be done carefully to protect the confidentiality of the information being disseminated. The manager of the incident response team would be the main point of contact, and only people who are in the need-to-know category should be alerted to the information the team has gathered. Secure communication is important so the potential attacker can’t monitor it, which would lead to more problems.