Technical Skills:

Fundamental Concepts and Internet

  1. Knowledge of fundamental security concepts (e.g. authentication, integrity, access control, privacy)
  2. Ability to identify risks and threats to data, information, computers and networks
  3. Knows how the Internet works (history and infrastructure)
  4. Basic understanding of all security domains, the products available in each and their working principles (IDS/IPS, DLP, MDM, ATP, ...)
  5. Basics of social engineering tactics


Network security

  1. In-depth knowledge of network protocols and their vulnerabilities (man-in-the-middle attacks, spoofing)
  2. In-depth knowledge of network infrastructure and how it works
  3. Basics of network configuration and operation (firewalls, routing techniques, packets in motion, ...)
  4. Basics of public data networks

Email and Application-Layer Protocols

  1. Understanding of email protocols and formats (SMTP, MIME, ...)

Coding and OS

  1. Can recognize malicious code (viruses, Trojans and similar)
  2. Aware of secure coding practices
  3. Preferably has some practice with programming languages (C, Java, Perl, Awk, shell, ...)
  4. Understands the security vulnerabilities of the host system and the network
  5. Basics of security vulnerabilities in common operating systems (UNIX, Windows, Linux, ...)
  6. Knows the use of digital signatures and hash algorithms
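
As an added illustration of item 6 (this is example code written for this page, not code from the original post or from any of the referenced guides), the script below builds an evidence manifest the way an incident responder would when preserving collected files: a SHA-256 digest of each file for integrity, plus an HMAC-SHA256 tag under a secret key so that someone who can alter the file cannot simply recompute the digest. The sample "evidence" bytes, file names and the 32-byte key are constructed for the example; a true digital signature (asymmetric, e.g. RSA or ECDSA) would need a third-party library and is not shown here.

```python
import hashlib
import hmac
import secrets

# Constructed sample "evidence" files (bytes built inline; not real captures).
EVIDENCE = {
    "auth.log": b"Jan 14 02:01:05 web1 sshd[4021]: Failed password for root from 203.0.113.5\n",
    "memory.dmp": bytes(range(256)) * 4,
}


def sha256_hex(data: bytes) -> str:
    """Integrity fingerprint: anyone can recompute it, so it only detects accidental change."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(key: bytes, data: bytes) -> str:
    """Authenticity tag: only holders of `key` can produce a matching value (symmetric, not a signature)."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def make_manifest(files: dict, key: bytes) -> dict:
    """Record digest and tag for every collected file."""
    return {name: {"sha256": sha256_hex(data), "hmac": hmac_tag(key, data)}
            for name, data in files.items()}


def verify_manifest(files: dict, manifest: dict, key: bytes) -> list:
    """Return the names of files that are missing or whose digest/tag no longer matches."""
    failed = []
    for name, entry in manifest.items():
        data = files.get(name)
        if data is None:
            failed.append(name)
            continue
        # compare_digest avoids timing side channels when comparing hex strings.
        digest_ok = hmac.compare_digest(sha256_hex(data), entry["sha256"])
        tag_ok = hmac.compare_digest(hmac_tag(key, data), entry["hmac"])
        if not (digest_ok and tag_ok):
            failed.append(name)
    return failed


def tamper_and_forge_digest(files: dict, manifest: dict, name: str, old: bytes, new: bytes):
    """Model an attacker who edits a file and rewrites its bare SHA-256 in the manifest.

    They have no key, so the HMAC column cannot be updated to match.
    """
    files = dict(files)
    manifest = {k: dict(v) for k, v in manifest.items()}
    files[name] = files[name].replace(old, new)
    manifest[name]["sha256"] = sha256_hex(files[name])
    return files, manifest


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # assumed: key generated and stored by the IR team
    manifest = make_manifest(EVIDENCE, key)
    print("clean:", verify_manifest(EVIDENCE, manifest, key))
    forged_files, forged_manifest = tamper_and_forge_digest(
        EVIDENCE, manifest, "auth.log", b"203.0.113.5", b"203.0.113.6")
    print("after tampering and recomputing SHA-256:", verify_manifest(forged_files, forged_manifest, key))
```

The point the example makes is the difference between the two columns: after the attacker's edit the recomputed SHA-256 matches, so a digest alone says nothing, while the HMAC still fails because the attacker lacks the key. In practice the key itself must be kept off the evidence store, or the HMAC degrades back to a plain hash.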

Encryption

  1. Aware of the latest attacks and vulnerabilities, along with the attack methodologies used
  2. Understands the basics of the encryption types used by the organization

Expertise

  1. Expert understanding of internet technologies (DNSSEC, IPv6, VoIP, ATM, etc.)
  2. Expertise in analyzing huge databases and log audit trails, and able to identify threat trends and their frequency
  3. Preferably familiar with the basic tools used (cmd.exe, PsLoggedOn, netstat, Fport, etc.)
  4. Aware of automated and bot-driven attacks (web crawling, SQL injection, ...)
  5. Simulation of incidents and hands-on training give practical sense and confidence
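
As an added example of the log-analysis skill in item 2 (written for this page; it is not code from the original post or from the referenced guides), the script below parses sshd-style syslog lines, counts failed logins per source address, finds bursts of failures inside a sliding time window, flags a success that follows failures from the same source, and produces an hourly trend for one address. The log lines are constructed to resemble real sshd output; the year (syslog timestamps carry none), the threshold of 5 failures and the 60-second window are assumptions to be tuned to the environment.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines in sshd/syslog shape (not real data; addresses are documentation ranges).
SAMPLE_LOG = """\
Jan 14 02:01:05 web1 sshd[4021]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Jan 14 02:01:07 web1 sshd[4021]: Failed password for invalid user admin from 203.0.113.5 port 51023 ssh2
Jan 14 02:01:09 web1 sshd[4023]: Failed password for root from 203.0.113.5 port 51030 ssh2
Jan 14 02:01:11 web1 sshd[4025]: Failed password for root from 203.0.113.5 port 51031 ssh2
Jan 14 02:01:13 web1 sshd[4027]: Failed password for root from 203.0.113.5 port 51032 ssh2
Jan 14 02:01:15 web1 sshd[4029]: Failed password for root from 203.0.113.5 port 51033 ssh2
Jan 14 02:15:40 web1 sshd[4101]: Failed password for alice from 198.51.100.7 port 40110 ssh2
Jan 14 02:15:52 web1 sshd[4103]: Accepted password for alice from 198.51.100.7 port 40111 ssh2
Jan 14 03:30:01 web1 sshd[4210]: Failed password for root from 203.0.113.5 port 51100 ssh2
Jan 14 03:30:02 web1 sshd[4212]: Accepted publickey for root from 203.0.113.5 port 51101 ssh2
"""

LOG_YEAR = 2024  # assumed: syslog lines carry no year

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} {1,2}\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9.]+) port \d+"
)


def parse_line(line: str):
    """Return a dict of fields for an sshd auth line, or None for lines that are not auth events."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["time"] = datetime.strptime(f"{LOG_YEAR} {event['ts']}", "%Y %b %d %H:%M:%S")
    return event


def parse_log(text: str) -> list:
    return [e for e in (parse_line(line) for line in text.splitlines()) if e]


def failures_by_source(events: list) -> Counter:
    """Frequency of failed logins per source address."""
    return Counter(e["ip"] for e in events if e["result"] == "Failed")


def flag_brute_force(events: list, threshold: int = 5, window_seconds: int = 60) -> dict:
    """Sources with at least `threshold` failures inside any `window_seconds` window -> peak count."""
    times_by_ip = defaultdict(list)
    for e in events:
        if e["result"] == "Failed":
            times_by_ip[e["ip"]].append(e["time"])
    flagged = {}
    for ip, times in times_by_ip.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):              # two-pointer sliding window
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def success_after_failures(events: list) -> list:
    """(ip, user) pairs where an accepted login follows earlier failures from the same source.

    Assumes the events are in chronological (log) order.
    """
    seen_failed, hits = set(), set()
    for e in events:
        key = (e["ip"], e["user"])
        if e["result"] == "Failed":
            seen_failed.add(key)
        elif key in seen_failed:
            hits.add(key)
    return sorted(hits)


def hourly_trend(events: list, ip: str) -> dict:
    """Failed logins from `ip` bucketed per hour, for plotting or comparing against a baseline."""
    return dict(Counter(e["time"].strftime("%Y-%m-%d %H:00")
                        for e in events if e["ip"] == ip and e["result"] == "Failed"))


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("failures per source:", failures_by_source(events))
    print("brute-force candidates:", flag_brute_force(events))
    print("success after failures:", success_after_failures(events))
    print("trend for 203.0.113.5:", hourly_trend(events, "203.0.113.5"))
```

The "success after failures" check is the one worth keeping an eye on during triage: a burst of failures followed by an accepted login from the same address is a stronger indicator than the burst alone, and the hourly trend shows whether the source keeps coming back after the initial burst.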

*Apart from the above requirements, it is best to have a highly technical person on each technical front; they may have less experienced team members whom they can mentor.


Personal Skills:

  1. Management abilities
  2. Stress handling
  3. Ability to act on the spot
  4. Reasoning abilities
  5. Process definition
  6. Communication skills
  7. Team player

Note:

  • Domain experts in specific fields, such as applications, network, mail and database, can be a good choice.
  • Consider outsourcing this effort to a consultancy; this can lower costs, since you do not need a team waiting for incidents to take place and instead pay only when affected. However, this must be preceded by reference checks and study.
  • A legal advisor can be of great help in gathering information, making recommendations and guiding remediation when an incident or breach takes place.

References:

http://ptgmedia.pearsoncmg.com/images/1578702569/samplechapter/1578702569.pdf

https://msisac.cisecurity.org/resources/guides/documents/Incident-Response-Guide.pdf

http://www.cert.org/incident-management/csirt-development/csirt-staffing.cfm

http://www.bankinfosecurity.in/incident-response-5-critical-skills-a-4214/op-1

http://books.google.co.in/books?id=lPEgnnKWpmYC&pg=PA14&lpg=PA14&dq=skills+required+for+incident+response+personnel&source=bl&ots=gYCcMcKYYo&sig=J7_Lslvwq48PPnF39Bckjtvp9do&hl=en&sa=X&ei=MIgZVMaFL8iwuAS_rYCYDw&ved=0CEMQ6AEwBQ#v=snippet&q=technical%20skills&f=false
