Summary
This chapter presented the need for an incident response team and provided a guide to developing this capability in the enterprise. It is important to gain support from the other IT and business teams that will be involved or affected by incidents in the enterprise. Their support will ensure that the incident team is successful and able to remediate the incident in a timely manner and set proper priority to the incident. It is critical that the process be adopted by the entire enterprise to be effective. Deciding whether to develop this capability in-house or to contract to a third party must seriously be evaluated when an incident of significant impact occurs, and the correct route to follow will depend upon which method can return the enterprise to normal business the fastest should be the route to follow. If the enterprise has decided to perform this function in-house, proper training and complete understanding of the legalities involved with incident response must not only be...
