ABSTRACT
To be effective, incident response requires a team of
people to help recover from the incident. Technological
recovery is only one part of the response process. In addi-
tion to having both IT and information security staff on the
response team, there are several non-technical people who
should be involved. Every response should include a senior
executive, general counsel, and someone from public rela-
tions. Additionally, depending on the incident, expanding
the response team to include personnel from HR, the phy-
sical security group, the manager of the affected area, and
even law enforcement may be appropriate.