Summary
This chapter began with a definition of the term "incident response team." An incident response team is one or more individuals with the mission of dealing with security-related incidents. Why should one form an incident response team? Major reasons include expertise, efficiency, having a proactive emphasis, meeting requirements, establishing a liaison with other teams and organizations, and others.
Forming a response team is not always necessary; in some situations, a response team can actually be detrimental to an organization. Above all else, you have to figure out what role you need to perform and what your basic requirements are. Then you have to identify your constituency and determine how to communicate with them. Staffing, procedures, and other considerations are other critical issues that need to be resolved.
Managing an incident response team presents a set of extremely difficult challenges. Issues such as exuding a positive management style, setting up communications with others, developing and using a reasonable set of metrics, and establishing suitable reporting methods are all critical to response teams. Response team maturity can be characterized in terms of four stages: initial, critical, established, and postestablished. Getting a response team to the established stage or further is an important goal of incident response team managers and their management.