The incident response team's goal is to coordinate and align key resources and team members during a cyber security incident, minimizing impact and restoring operations as quickly as possible. This includes the following critical functions: investigation and analysis; communications; training and awareness; and documentation and timeline development.
- Determine and document the scope, priority, and impact.
- Define and categorize security incidents based on asset value/impact.
- Document and educate team members on appropriate reporting procedures.
- Collect relevant trending data and other information to showcase the value the IR team can bring to the overall business.
- Investigate root cause, document findings, implement recovery strategies, and communicate status to team members.