External Coordination
An incident response team cannot exist in a vacuum. Several of the other chapters in this book discuss issues related to dealing with other company organizations. It bears repeating that the team must involve other company personnel to effectively manage the incident.
The systems affected in a security incident do not belong to the response team. They exist for the sole purpose of filling a business requirement. There is no difference in availability between a system compromised by an intruder and a system taken offline waiting for examination.
Coordinating with organizations outside the company might also be within the purview of the incident response team. The team might coordinate directly or might go through other company ...
Get Incident Response: A Strategic Guide to Handling System and Network Security Breaches now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
