Testing the Team

Training is only an initial step. After the team is formed and initial training has occurred, the team should be tested. Testing can consist of scheduled events of which the team is aware ahead of time or no-notice tests in which only key personnel know that an incident is actually a test.

It is difficult to realistically simulate a security incident and is virtually impossible to test all aspects of the incident response process. For this reason, it is best to concentrate on critical pieces of the process when designing a test. Team leaders and senior managers should assess the perceived strengths and weaknesses of the team in the context of the corporate culture and decide what portions are most likely to need remedial attention. ...

Get Incident Response: A Strategic Guide to Handling System and Network Security Breaches now with the O’Reilly learning platform.