{"id":7115,"date":"2021-07-02T08:14:11","date_gmt":"2021-07-02T06:14:11","guid":{"rendered":"https:\/\/tekmart.co.za\/t-blog\/?p=7115"},"modified":"2021-07-02T08:14:12","modified_gmt":"2021-07-02T06:14:12","slug":"incident-response-team-a-tech-definition","status":"publish","type":"post","link":"https:\/\/tekmart.co.za\/t-blog\/incident-response-team-a-tech-definition\/","title":{"rendered":"incident response team-a tech definition"},"content":{"rendered":"<h2 class=\"wp-block-heading\"><strong>An incident response team is a group of IT professionals in charge of preparing for and reacting to any type of organizational emergency.<\/strong><\/h2>\n\n\n\n<p>By <a href=\"https:\/\/www.techtarget.com\/contributor\/Wesley-Chai\">Wesley Chai<\/a> and <a href=\"https:\/\/www.techtarget.com\/contributor\/Sarah-Lewis\">Sarah Lewis<\/a><\/p>\n\n\n\n<p>An incident response team is a group of IT professionals in charge of preparing for and reacting to any type of organizational emergency. Responsibilities of an incident response team include\u00a0developing a proactive incident response plan, testing for and resolving system vulnerabilities, maintaining strong security best practices and providing support for all incident handling measures. Incident response team members typically cover various technical skills, backgrounds and roles to be prepared for a wide range of\u00a0unforeseen security incidents.<\/p>\n\n\n\n<p>In\u00a0incident response, types of emergencies are usually categorized in two ways:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li><strong>Public incidents.<\/strong>\u00a0These incidents affect an entire community. 
This could include natural disasters, terrorist attacks and widespread epidemics.<\/li><li><strong>Corporate\/organizational incidents.<\/strong>\u00a0These incidents are typically organization-specific and happen on a smaller scale. This could include\u00a0data breaches,\u00a0cybersecurity\u00a0attacks and physical location threats.<\/li><\/ol>\n\n\n\n<p>Incident response teams are\u00a0trained to be prepared for both types.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Examples of incident response teams<\/strong><\/h3>\n\n\n\n<p>Incident response teams are common in government organizations and businesses with valuable intellectual property. A few examples of the forms an incident response team could take are as follows.<\/p>\n\n\n\n<p><strong>Computer Security Incident Response Team (CSIRT).<\/strong>\u00a0This is a team of professionals responsible for preventing and responding to security incidents. A CSIRT may also handle aspects of incident response in other departments, such as dealing with legal issues or communicating with the press.<\/p>\n\n\n\n<p><strong>Computer Emergency Response Team (CERT).<\/strong>\u00a0This is a team of professionals in charge of handling cyberthreats and vulnerabilities within an organization. In addition, CERTs tend to release their findings to the public to help others strengthen their security infrastructure.<\/p>\n\n\n\n<p><strong>Security Operations Center (SOC).\u00a0<\/strong>This is a type of command center facility that is dedicated to monitoring, analyzing and protecting an organization from cyber attacks. A SOC typically includes threat hunters and analysts that focus only on system security incident response.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Incident response team functions and responsibilities<\/strong><\/h3>\n\n\n\n<p>As companies will have different individual\u00a0risk profiles\u00a0and business processes to be mindful of, specific skillsets within the incident response team may vary. 
Generally speaking, the core functions of an incident response team include leadership, investigation, communications, documentation and legal representation.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Leadership.<\/strong>\u00a0Coordinates the overall direction and strategy of response activities and ensures the team stays focused on minimizing damage, recovering quickly and operating efficiently.<\/li><li><strong>Investigation.<\/strong>\u00a0Coordinates efforts to determine an incident&#8217;s root cause. It&#8217;s important to gather as much relevant information as possible, specifically information that can help correct the acute issue as well as prevent future issues.<\/li><li><strong>Communications.<\/strong>\u00a0Manages relevant\u00a0internal and external communications\u00a0necessary for the incident response. Communications may be required across an organization&#8217;s teams and departments, or with external stakeholders.<\/li><li><strong>Documentation.<\/strong>\u00a0Keeps records of incident response measures and activities.<\/li><li><strong>Legal representation.<\/strong>\u00a0Ensures that the incident response activities taken line up with laws and regulations to protect the organization.<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Incident response team location<\/strong><\/h3>\n\n\n\n<p>Locations of incident response teams can vary. Unless a company has a single location, it may not be feasible to keep a full incident response team at each location. Therefore, it&#8217;s likely that incident response teams will not be based out of one physical location. Even if a full team cannot be staffed at each location, companies should aim to keep a trusted representative for each incident response function at each office. 
<\/p>\n\n\n\n<p>This is because the nature of many technical incidents may demand an in-person investigation and analysis; therefore, access to company equipment and assets is often needed.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Choosing incident response team members<\/strong><\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"717\" src=\"https:\/\/tekmart.co.za\/t-blog\/wp-content\/uploads\/2021\/07\/How-to-build-an-incident-response-team-diagram-1024x717.png\" alt=\"How to build an incident response team diagram\" class=\"wp-image-7116\" srcset=\"https:\/\/tekmart.co.za\/t-blog\/wp-content\/uploads\/2021\/07\/How-to-build-an-incident-response-team-diagram-1024x717.png 1024w, https:\/\/tekmart.co.za\/t-blog\/wp-content\/uploads\/2021\/07\/How-to-build-an-incident-response-team-diagram-300x210.png 300w, https:\/\/tekmart.co.za\/t-blog\/wp-content\/uploads\/2021\/07\/How-to-build-an-incident-response-team-diagram-768x538.png 768w, https:\/\/tekmart.co.za\/t-blog\/wp-content\/uploads\/2021\/07\/How-to-build-an-incident-response-team-diagram-800x560.png 800w, https:\/\/tekmart.co.za\/t-blog\/wp-content\/uploads\/2021\/07\/How-to-build-an-incident-response-team-diagram.png 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption><strong>Choosing members for the incident response team<\/strong><\/figcaption><\/figure>\n\n\n\n<p>Incident response team members will include a mix of technical staff, cross-functional team members and, potentially, external contractors. When choosing specific team members, organizations should look to include:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Technical team.<\/strong>\u00a0IT, security team members and other employees with technical expertise across company systems. 
The technical team will be the core of the overall incident response team, and should include security analysts and\u00a0threat intelligence<\/li><li><strong>Executive sponsor.<\/strong>\u00a0A senior executive should be present to provide oversight for information security and business\u00a0risk management.<\/li><li><strong>Incident responders.<\/strong>\u00a0Responsible for keeping track of incident response timelines and following up with ongoing management of incidents. May be charged with assessing the scope and urgency of incidents, reporting on trends, educating employees and internal stakeholders, and potentially liaising with law enforcement.<\/li><li><strong>Communications coordinators.<\/strong>\u00a0Responsible for managing internal communications relating to incident response efforts, as well as public relations representatives to manage relationships with media outlets, affiliated business entities and external stakeholders.<\/li><li><strong>Forensic analyst.<\/strong>\u00a0An\u00a0expert in forensics. May be an in-house employee or an outside advising contractor.<\/li><li><strong>External consultant.<\/strong>\u00a0A third-party expert in incident response, information security or technical systems that can advise on cases.<\/li><li><strong>Legal representatives.<\/strong>\u00a0May be an in-house corporate attorney or an outside law firm hired to represent the company if legal action is necessary.<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading Time-approximately:<\/span> <span class=\"rt-time\"> 3<\/span> <span class=\"rt-label rt-postfix\">minutes<\/span><\/span>An incident response team is a group of IT professionals in charge of preparing for and reacting to any type of organizational emergency. 
By Wesley Chai and Sarah Lewis An incident response team is a group of IT professionals in charge of preparing for and reacting to any type of organizational emergency. Responsibilities of an incident response team include\u00a0developing a<\/p>\n<p><a class=\"more-link\" href=\"https:\/\/tekmart.co.za\/t-blog\/incident-response-team-a-tech-definition\/\">Read More<\/a><\/p>\n","protected":false},"author":113,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[75,155,4,30,3,195,9,224],"tags":[],"class_list":["post-7115","post","type-post","status-publish","format-standard","hentry","category-new-normal-courtesy-of-covid-19","category-batting-for-tech-in-the-covid-19-times","category-datacenter-news","category-expert-advise-and-opinion","category-industry-news-and-expert-advise","category-network-visibility","category-tech-definitions","category-technical-explanations"],"_links":{"self":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/7115","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/users\/113"}],"replies":[{"embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/comments?post=7115"}],"version-history":[{"count":1,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/7115\/revisions"}],"predecessor-version":[{"id":7117,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/7115\/revisions\/7117"}],"wp:attachment":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/media?parent=7115"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/categories?post=7115"},{"taxonomy":"post_tag","embeddable":true,"href"
:"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/tags?post=7115"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}