Which action would be the responsibility of the First Responder once arriving at the scene of a suspected incident as part of a Computer Security Incident Response Plan (CSIRP)?
The First Responder plays a critical role in the Incident Response process on the CSIRT (Computer Security Incident Response Team).
Here is a list of some typical responder tasks:
-- Make sure that the correct system is identified and photograph the scene, if necessary.
-- Conduct an initial interview (not an interrogation) of any witnesses.
The decision to notify law enforcement requires explicit approval and direction from management and/or counsel. Although a First Responder may collect initial data while minimally intruding on the system, no major changes or in-depth media analysis should be performed by the First Responder when initially responding to a suspected incident.