Summary
Organizing and running an incident response team is an ongoing effort that requires continuous attention. It is not sufficient to pay consultants to come in, design a team, deliver a document, and walk away. The formation and design are only the first steps.
The acceptance of the team depends on its perceived capabilities, its ability to coordinate with other organizations, and the expertise and professionalism it displays when working with actual incidents. The team will not be successful until the other stakeholders in the company view it as an important ally in the protection and preservation of their data.
To gain that acceptance, the team must demonstrate that it is not a threat to other (perhaps rival) organizations but that it ...
Get Incident Response: A Strategic Guide to Handling System and Network Security Breaches now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
