5 steps to a winning incident response team

People are the core of any incident response effort.  You must have the right people to provide the right response.  Incident response teams should include a diverse set of individuals across the organization including executives, information technology, security, public relations, legal and relevant 3rd parties.  Here is what makes a winning incident response team.

  1. Winning teams have top level support

Top level support is essential in an incident response team, and executives can provide it.  Executives are the ones who will be able to allocate the resources necessary to take action during a breach, and they can rally support and establish budgets for planning and preparation activities.  Executives also bring legitimacy to incident response plans and procedures.

  1. Winning teams have the technical skills

Almost every incident will require some level of technical skill to resolve it and most incidents will require significant technical effort.  Information technology (IT) team members are usually the first to find out about an incident.  Sometimes users report an incident to IT and in other cases, IT learns about the incident through detective security controls such as log monitoring or intrusion detection systems, or antivirus.  IT is also responsible for making technical changes as incident response activities progress.

  1. Winning teams have a security perspective

A keen understanding of the risks, impact, and scope are needed in incident response.  This is where members of the incident response team responsible for security step in.  Security team members take point on validating reported events and determining if they constitute an incident.  They analyze information collected by technology tools and assess the scope and impact of the incident.

  1. Winning teams know how to communicate

Communication, both internally and externally, is a fundamental component of incident response.  Public relations team members communicate with employees, partners, law enforcement, the media, or investors regarding the incident.  They work with the legal team to understand the compliance and contractual liability and cyber breach notification requirements.

  1. Winning teams cross organizational boundaries

Teams may include both internal employees and contractors.  Incident response is not something most companies do every day, and an effective response requires individuals who have the unique skills, tools, and techniques required to address the incident.  Some third parties that may be part of the incident response team include forensics, security consultants, attorneys, insurance, law enforcement, or upstream providers such as Internet Service Providers (ISP), datacenters, or cloud providers.

Team makeup is critical for successful incident response.  A winning team needs to have adequate support, the required technical and security skills, effective communicators, and outside expertise.  So who is on your team?

This post is sponsored by AT&T Security.

Share Button

Leave a Reply