Technical Skills:
Fundamental Concepts and Internet
- Knowledge of fundamental security concepts (e.g. authentication, integrity, access control, privacy)
- Identifying risks and threats to data, information, computers and networks
- Knows how the Internet works (history and infrastructure)
- Basic understanding of all security domains, the products available and their working principles (IDS/IPS, DLP, MDM, ATP...)
- Basics of social engineering tactics
Network security
- In-depth knowledge of network protocols and their vulnerabilities (man-in-the-middle attacks, spoofing)
- In-depth knowledge of network infrastructure and how it works
- Basics of network configuration and operation (firewalls, routing techniques, packets in motion...)
- Basics of Public Data Networks
Application Layer Protocols
- Understanding email protocols (SMTP, MIME...), which sit at the application layer above the transport layer
Coding and OS
- Recognize malicious code (general viruses, Trojans)
- Aware of secure coding practices
- Preferably some practice with programming languages (C, Java, Perl, Awk, shell...)
- Understanding the security vulnerabilities of the host system and the network
- Basics of security vulnerabilities in common operating systems (UNIX, Windows, Linux...)
- Knows the use of digital signatures and hash algorithms
Encryption
- Aware of the latest hacks and vulnerabilities, along with the attack methodologies behind them
- Understands the basics of the encryption types used by the organization
Expertise
- Expert understanding of internet technologies (DNSSEC, IPv6, VoIP, ATM etc.)
- Expertise in analyzing large databases and log audit trails, and able to identify threat trends and frequency
- Preferably an idea of the basic tools used (cmd.exe, PsLoggedOn, netstat, Fport etc.)
- Aware of automated and bot-driven attacks (web crawling, SQL injection...)
- Simulation of incidents and hands-on training give practical sense and confidence
*Apart from the above requirements, it is best to have one highly technical person for each technical front; the other members of that front may be less experienced, and the lead can mentor them.
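The "log audit trails" and "threat trends and frequency" items above are easiest to grasp with a concrete triage script. The following is an added example, not code from the original page: it parses OpenSSH-style syslog lines, counts failed logins per source address, and flags any source with five or more failures inside a one-minute window, also noting whether a successful login followed the burst (the pattern a responder most wants to see first). The log lines, host name and IP addresses are constructed sample data; the threshold and window are assumptions you would tune for your environment.

```python
"""Added example: brute-force triage over sshd auth log lines.

Not from the original page. The sample log, host and IPs are constructed;
the threshold (5) and window (60 s) are assumed values to tune locally.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input in the usual OpenSSH syslog format.
SAMPLE_LOG = """\
Mar 10 02:14:01 web1 sshd[4120]: Failed password for root from 198.51.100.23 port 51022 ssh2
Mar 10 02:14:03 web1 sshd[4121]: Failed password for root from 198.51.100.23 port 51024 ssh2
Mar 10 02:14:04 web1 sshd[4122]: Failed password for invalid user admin from 198.51.100.23 port 51025 ssh2
Mar 10 02:14:06 web1 sshd[4123]: Failed password for root from 198.51.100.23 port 51030 ssh2
Mar 10 02:14:07 web1 sshd[4124]: Failed password for root from 198.51.100.23 port 51031 ssh2
Mar 10 02:14:09 web1 sshd[4125]: Accepted password for root from 198.51.100.23 port 51033 ssh2
Mar 10 02:20:11 web1 sshd[4130]: Failed password for alice from 203.0.113.7 port 40100 ssh2
Mar 10 02:20:40 web1 sshd[4131]: Accepted publickey for alice from 203.0.113.7 port 40101 ssh2
Mar 10 03:05:00 web1 sshd[4140]: Failed password for bob from 192.0.2.9 port 33010 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ..." as well as "Accepted publickey for ...".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2024):
    """Parse one syslog line into a dict, or None if it is not an sshd auth event.
    Syslog timestamps carry no year, so the caller supplies one (assumed 2024 here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "result": m["result"],
            "user": m["user"], "ip": m["ip"]}


def parse_log(text, year=2024):
    """Parse every recognizable line; unrelated syslog noise is skipped."""
    return [e for e in (parse_line(line, year) for line in text.splitlines()) if e]


def failures_per_ip(events):
    """Frequency view: how many failed logins each source produced."""
    counts = defaultdict(int)
    for e in events:
        if e["result"] == "Failed":
            counts[e["ip"]] += 1
    return dict(counts)


def find_bruteforce(events, threshold=5, window_seconds=60):
    """Flag sources with >= threshold failures inside any window_seconds span.

    Returns {ip: {"failures": total, "first": ts, "last": ts, "success_after": bool}}.
    success_after is True when an Accepted event from the same source follows
    the burst, i.e. the guessing may have worked.
    """
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["ts"]):
        by_ip[e["ip"]].append(e)
    alerts = {}
    for ip, evs in by_ip.items():
        fails = [e["ts"] for e in evs if e["result"] == "Failed"]
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until it fits in window_seconds.
            while (fails[end] - fails[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                burst_end = fails[end]
                success_after = any(e["result"] == "Accepted" and e["ts"] >= burst_end
                                    for e in evs)
                alerts[ip] = {"failures": len(fails), "first": fails[0],
                              "last": fails[-1], "success_after": success_after}
                break
    return alerts


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("failures per source:", failures_per_ip(evs))
    for ip, a in find_bruteforce(evs).items():
        flag = "FOLLOWED BY SUCCESSFUL LOGIN" if a["success_after"] else "no success seen"
        print(f"ALERT {ip}: {a['failures']} failures {a['first']} .. {a['last']} ({flag})")
```

Two caveats a responder should keep in mind: syslog timestamps have no year, so runs that cross a year boundary need the year supplied per file, and a host-local auth log can be edited by an attacker who already has root, so corroborate bursts with a remote syslog collector, firewall logs or netstat output before treating the picture as complete.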
Personal Skills:
- Management abilities
- Stress Handling
- Impromptu action
- Reasoning abilities
- Process defining
- Communication skills
- Team worker
Note:
- Domain experts in particular fields, such as applications, networks, mail and databases, can be a good choice.
- Consider outsourcing this effort to a consultancy. This can lower costs, since you do not need a team waiting for incidents to happen and pay only when affected. However, check references and study the options first.
- A legal advisor can be of great help in gathering information, making recommendations and guiding remediation when an incident or breach takes place.
References:
- http://ptgmedia.pearsoncmg.com/images/1578702569/samplechapter/1578702569.pdf
- https://msisac.cisecurity.org/resources/guides/documents/Incident-Response-Guide.pdf
- http://www.cert.org/incident-management/csirt-development/csirt-staffing.cfm
- http://www.bankinfosecurity.in/incident-response-5-critical-skills-a-4214/op-1