Cyber Incident Response

Building and IR team

Skills needed

  • Hands-on technical skills

    • Networking

    • Cybersecurity engineering

    • Memory analysis

    • Reverse-engineering

  • Written and oral communication skills

  • Leadership skills

  • Legal

  • HR

  • PR

Step 1 - Assess existing skill sets

Sometimes what you need already exists in the organization

Could possibly need an outside assessment performed

Never try ti design requirements aroud the existing team

Step 2 - Reach out to other departments

Reach out as early as possible

Be willing to accept some team members are "part-time" IR

Remember to vet for things such as clearance levels and condidentiality levels

Consider outside consultants for some roles

Step 3 - Pick your team!

Pick team members

Set up meetings and orientation

Remember the team may include outside consultants and people outside the IT and Security departments

Step 4 - Acquire funding

Without the first four steps, funding requests might not be representative of what's needed

None of the other things go forward without funding

Step 5 - Implement training requirements

This will include initial training as well as continuing training yearly

PreviousBuilding an IR playbookNextQuiz

Last updated