ABSTRACT

To be effective, incident response requires a team of

people to help recover from the incident. Technological

recovery is only one part of the response process. In addi-

tion to having both IT and information security staff on the

response team, there are several non-technical people who

should be involved. Every response should include a senior

executive, general counsel, and someone from public rela-

tions. Additionally, depending on the incident, expanding

the response team to include personnel from HR, the phy-

sical security group, the manager of the affected area, and

even law enforcement may be appropriate.