Building the incident response team
Each team identified from previous meetings for building enterprise support for incident response will need to identify resources with areas of expertise that can be committed to incident response in the event the process is triggered. The capacity in which they are engaged is dependent on the severity of the incident and may serve in an advisory role for less severe incidents. Each assigned resource must be made aware of the responsibility of being a member of the incident response team and respond within agreed service-level agreements (SLAs).
The confidentiality of security incidents is as important as a forensic investigation and should be treated as such until the full impact of the incident is understood ...
Get Enterprise Security: A Data-Centric Approach to Securing the Enterprise now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.