Once the enterprise has determined that security incidents require a process or set of processes in order to respond properly, the security team must begin working with key teams to build the formal process. Because there will be a need for support from the various teams in the enterprise, it is important to involve them in the development of the incident response process. This will also enable the teams to build the necessary procedures to react to specific types of incidents.

The key concepts and knowledge transfer of a forensic approach to a response is important to ensure that legal action can be taken if warranted. As with security operations, it is equally important to have experts in various technologies provide ...