Incident Response Team Roles and Responsibilities Checklist

Scope
Responsible for the daily operation of the computer incident response team. Develops organizational policies related to incident response and secures authorization for their implementation. Provides general direction to and review of subordinate team leaders. Recognized as the organization's expert on computer incident response, security threats, and vulnerabilities. Liaises with law enforcement and other incident response teams as needed.
Job Complexity
Works on computer security problems attributed to both internal and external threats. Tracks incident response trends to identify and evaluate fundamental security problems and needed improvements within the organization. Addresses managerial, financial, marketing, and security issues related to the protection of corporate information assets. Must be able to act quickly and decisively in a crisis situation.
Discretion
Can commit company resources needed in the course of incident response. Must be able to escalate concerns/issues when needed.
Interaction
Regularly interacts with end users, managers, senior managers, and executives. Interactions can involve controversial situations, resource negotiations, or situations calling for influencing and persuading other senior-level managers and executives. Actions can influence policy making, resourcing, company reputation, possible litigation, deployment of human resources, or the like.
Incident Handler Position Description
An incident handler will use a wide range of technical and personal skills to detect and respond to computer incidents within the organization. This person will provide guidance to end users and system administrators alike, concerning computer security threats and vulnerabilities. This position reports to the computer incident response team leader, and works closely with help desk and security operations center (SOC) personnel.
Responsibilities
- Respond to suspicious activity reports received from end users and the IT staff
- Identify potential vulnerabilities with corporate information resources
- Enter and process trouble tickets on reported vulnerabilities and incident reports
- Provide input to the help desk regarding new security vulnerabilities and threats
- Test patches advertised to resolve pertinent vulnerabilities
- Write company security alerts, including information on recommended courses of action
- Track incident statistics and summarize weekly performance in the company trend report
- Respond on-site to computer incidents as required, preserving evidence of wrongdoing for possible prosecution
- Support law enforcement efforts on any computer crimes detected on corporate information systems
- Brief managers and end users on the company's incident trends, vulnerabilities, and other related information
- Prepare media briefs for management on specific incidents
- Provide end-user training on incident reporting and security countermeasures
- Other duties as assigned
Qualifications
- Knowledge of major protocols and operating systems used by the company
- Two to three years of computer security experience
- Strong written and verbal communication skills
- Strong deductive reasoning skills
- Completion of at least two GIAC certifications






