Technical support personnel are those individuals within the organization who do not have CSIRT activities as part of their day-to-day operations, but rather have expertise or access to systems and processes that may be affected by an incident. For example, the CSIRT may need to engage a server administrator to assist the core team with acquiring evidence from servers such as memory captures or logs. Once completed, the server administrator's role is finished and they may have no further involvement in the incident. The following are some of the personnel that can be of assistance to the CSIRT during an incident:
- Network Architect/Administrator: Often, incidents involve the network infrastructure. This includes ...