Incident Response Planning Flashcards
Who are the key people that have to be available to respond to any incident that meets the severity and thresholds laid out in the incident response plan?
Incident Response Team
What are the key positions of an Incident Response Team?
Incident Response Manager
Security Analysts (Two Types)
--Triage Analyst (Security Analyst)
--Forensic Analyst (Security Analyst)
Threat Researcher
Cross Functional Support
Note: This team is often known as a CSIRT (See-Sirt)
Who is the single point of contact for a security incident?
CSIRT
Note: The CSIRT may be a part of the SOC (Security Operations Center) or an independent team (often outsourced)
Who are the executives and managers who are responsible for business operations and functional areas, and why are they important regarding incident response?
Senior Leadership. They will have to be the ones to make the business-end decisions regarding how incidents are handled, such as shutting down a server.
What are the governmental organizations that oversee the compliance with specific regulations and laws?
Regulatory Bodies
Which business or organization component is responsible for mitigating risk from civil lawsuits?
Legal
Who may provide services to assist in incident handling or to help prepare legal action against the attacker?
Law Enforcement
Note: Senior Execs and Legal Counsel will make the decisions to involve law enforcement
What department is used to ensure no breaches of employment law or employee contracts occur during an incident response?
Human Resources
Who manages the publicity from a serious incident?
Public Relations