10.5 Incident handling team implementation

The incident response team is the heart and soul of the incident response system and must have a clearly defined scope of responsibilities. Everyone in the business must know that an incident response system exists and that a team supports it. The team is a cross section of the business's groups, made up of professionals who come to the rescue when an emergency arises, and it has standing authority to make command decisions in the best interests of the business. A successful team includes technical personnel, management, and legal and communications experts, each with a defined ownership role within the incident response system. When you compile your team, assign people to the following roles:

  1. Management

  2. Technical lead

  3. Legal support

  4. Communications

  5. Interface to the security committee

  6. Security officer

The incident response team must be ready to respond the moment an incident occurs. To make that possible, create a high-level decision matrix in advance that states, for each activity, which role owns it, who carries it out, who advises, and who is kept informed. The matrix uses the following categories:

  1. Owner: makes the decisions and owns the process

  2. Helpers: team members who assist with a process

  3. Advisors: team members who advise on a process

  4. Implementers: the person or persons doing the work

  5. Updaters: team members who are kept informed of the status and actions of the other team members

Table 10.1 shows an example matrix for the roles listed above; each cell gives that role's responsibility for the activity in that row.

Table 10.1 Example decision matrix

Activity                                    | Technical Lead | Technical   | Legal   | Communications | Management
--------------------------------------------+----------------+-------------+---------+----------------+------------
Initial response                            | Owner          | Implementer | Updater | Updater        | Updater
Implements temporary fix                    | Implementer    | Owner       | Updater | Updater        | Advisor
Sends communications                        | Advisor        | Advisor     | Advisor | Implementer    | Owner
Checks with local law enforcement (or FBI)  | Updater        | Updater     | Owner   | Updater        | Implementer
Implements permanent fix                    | Implementer    | Owner       | Updater | Updater        | Updater
Financial impact to business                | Updater        | Updater     | Advisor | Updater        | Owner

The team must fit the business it protects. The most important step is to keep every department the incident affects in the loop, because each may have steps of its own to perform in response to the event. Reevaluate team membership periodically as needs change or as new components are added to the Internet system; building the team is an ongoing process, not a one-time task.




Internet Security: A Jumpstart for Systems Administrators and IT Managers
ISBN: 1555582982
Year: 2003
Pages: 103