From the course: SSCP Cert Prep: 4 Incident Response and Recovery

Creating an incident response team

- [Instructor] One of the most important tasks that you'll undertake in your incident response program is building and staffing your incident response team. This team will likely need to be available on a 24/7 basis, and you should have primary and backup personnel assigned to cover vacations as well as extended periods of operation. Incident handling is a wonderful professional development opportunity and it helps team members keep their technical skills sharp.

Some of the groups that should be represented in your incident response team include management, cyber security personnel, technical subject matter experts, such as database administrators, developers, system engineers, and virtualization experts, legal counsel, public affairs and marketing staff, human resource team members, and your organization's physical security team. Including the right team members is critical to building the relationships that you'll need during an incident. You won't necessarily need to activate all team members for every incident, but each of these groups should have representatives trained and ready to participate before an incident strikes.

Once you have your team in place, you should work with them regularly. Don't wait until incidents occur to pull everyone together. Provide the team with your incident response plan documentation, and conduct regular training and testing to ensure that they work well together and that they're ready to react quickly in the event of an incident.

As you build out your incident response team, you may find that your organization lacks some of the capacity to handle security incidents. For example, you might discover that you don't have the forensic capabilities within your team to conduct investigations and supportive incident response efforts. In those cases, you may wish to consider retaining an external incident response provider to assist you. And one important tip. You don't want to try to locate a new service provider and negotiate a contract with them in the middle of an incident. Plan in advance and get the paperwork in place to use a provider immediately when you discover a problem.

Your incident response team will be a crucial asset as you work to address the impact of a security incident. Be sure that you take the time now to design and train your team, so that they're ready to respond in the event of an actual cybersecurity incident.
