
Team Modules/Organization-

  • IR Management
  • IR Core Team
  • IR Secondary Team
  • IR Communication Team
  • Technical Assessment & Forensics Team
  • Technical Support Team
  • IR Support Team


Working of Org Chart-

  • IR Management- The highest level of management in the Incident Response organization. Oversees the incident scenario as a whole and considers threat reports, preventive measures and ROI in a timely manner.
  • IR Core Team- IR experts who track incidents and report directly to IR Management. Responsible for setting up an effective security infrastructure.
  • Communication team- (consists of the Public Relations Officer & Contact Lead) Coordinates with the IR Core Team on communicating to the masses, such as employees and customers. The Communication team help desk should report incidents to the IR Technical Assessment Team.
  • IR Technical Assessment & Forensics team- Tracks all incidents and reports them to the IR Core Team members.
  • Technical Support Team or IR Support Team- Reports to the Technical Assessment Team. Provides supportive measures based on previously solved incidents only; incidents of a new nature may need to be escalated.
  • Secondary IR Team (HR, Legal, Training)- Reports to and coordinates with the IR Core Team members and may work as a team during incident handling. Responsible for IR resources, training and skills, along with security awareness among ordinary employees and customers.


