ed to it. For instance, if the file server is infected, it should be removed from the network, but not shut down. However, if the mail server is infected, it should not be removed from the network or shut down because of the priority the company attributes to the mail server over the file server. Tradeoffs and decisions will have to be made, but it is better to think through these issues before the situation occurs, because better logic is usually possible before a crisis, when there’s less emotion

All organizations should develop an incident response team, as mandated by the
incident response policy, to respond to the large array of possible security incidents.
The purpose of having an incident response team is to ensure that there is a group of
people who are properly skilled, who follow a standard set of procedures, and who are
singled out and called upon when this type of event takes place. The team should have
proper reporting procedures established, be prompt in their reaction, work in coordination with law enforcement, and be an important element of the overall security program. The team should consist of representatives from various business units, such as
the legal department, HR, executive management, the communications department,
physical/corporate security, IS security, and information technology.

All-in-1 / CISSP All-in-One Exam Guide, 5th Ed. / Harris / 160217-8 Chapter 10: Legal, Regulations, Compliance, and Investigations 881

There are three different types of incident response teams. A virtual team is made up
of experts who have other duties and assignments within the organization. This type of
team introduces a slower response time, and members must neglect their regular duties
should an incident occur. As a result, a virtual team can be costly. However, a permanent
team of folks who are dedicated strictly to incident response can be cost prohibitive to
smaller organizations. The third type of incident respon...
This note was uploaded on 06/01/2013 for the course NET 125 taught by Professor Hurst during the Fall '12 term at Wake Tech.