Conclusion

Again, nothing in this chapter or book is a substitute for proper legal advice, preferably prior to the fact.A representative from the general counsel should be available to the incident response team, if not an actual member. If the corporate counsel is not well versed in the intricacies of employment law, criminal statutes, intellectual property issues, and computer crime, outside counsel might be warranted. It will be much more difficult later when dealing with law enforcement agencies to say that the team was unaware of the specific steps to follow in collecting and safeguarding evidence. It will be even more difficult later when the company is sued for failing to maintain adequate safeguards.

Get Incident Response: A Strategic Guide to Handling System and Network Security Breaches now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.