Training the Team

One of the major advantages of a virtual team is that members stay current on technology through their normal operations jobs. A full-time team, if there aren’t sufficient incidents (or the incidents do not impact certain systems or applications), can become out of touch as new technology is deployed within the company. No incident response team member can possibly know a system as well as the people responsible for maintaining it on a daily basis.

If the focus of the team members is on daily operations, however, they might not consider that many things change during an incident. For example, a systems administrator will think nothing of logging in as root to investigate a malfunctioning server. If the server has been compromised, ...

Excerpt from Incident Response: A Strategic Guide to Handling System and Network Security Breaches.