Incident Response Team
The American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) created an Incident Response Plan template, which you can find here.
It contains a lot of useful info, including a good description of an Incident Response Team. Here’s an excerpt:
An Incident Response Team is established to provide a quick, effective and orderly response to computer related incidents such as virus infections, hacker attempts and break-ins, improper disclosure of confidential information to others, system service interruptions, breach of personal information, and other events with serious information security implications. The Incident Response Team’s mission is to prevent a serious loss of profits, public confidence or information assets by providing an immediate, effective and skillful response to any unexpected event involving computer information systems, networks or databases.
The Incident Response Team is authorized to take appropriate steps deemed necessary to contain, mitigate or resolve a computer security incident. The Team is responsible for investigating suspected intrusion attempts or other security incidents in a timely, cost-effective manner and reporting findings to management and the appropriate authorities as necessary. The Chief Information Security Officer will coordinate these investigations.
The Incident Response Team will subscribe to various security industry alert services to keep abreast of relevant threats, vulnerabilities or alerts from actual incidents.
The template also suggests that the Incident Response Team be composed of the following members:
- Information Security Office (ISO)
- Information Technology Operations Center (ITOC)
- Information Privacy Office (IPO)
- Network Architecture
- Operating System Architecture
- Business Applications
- Online Sales
- Internal Auditing
An archive of the template can be found here: Incident Response Plan Template
Great info! Check it out!