18.1. Create a Response Chain of Command

The first step in responding to an attack is to develop a clear chain of command and ensure that it is distributed to everyone. A well-thought-out chain of command serves two purposes: it helps get security incidents resolved faster, because the right people are notified, and it prevents the security department from being overrun with unrelated requests.

There are usually three groups involved in creating and supporting the response chain of command: network administrators, server administrators, and security administrators. Each of these groups should have different responsibilities, and be responsible for different security incidents. The idea is to have the group most closely associated ...
