
The Citadel Incident Response System Discussion

Question Description

I’m working on a cyber security discussion question and need an explanation to help me learn.

Post 1. Disagree or agree, 200 words:

“The incident response team is the heart and soul of the incident response system and must have a clearly defined scope of responsibilities. The members of the business as a whole must know that they have an incident response system in place and a team that supports it. An incident response team is composed of a cross section of various business groups, made up of professionals who come to the rescue when an emergency arises. This team, by default, will have authority to make command decisions based on the best interests of the business. A successful team will include technical personnel, management personnel, and legal and communication experts. The team will have various ownership roles within the confines of the incident response system.

The incident response team should be committed to collect and preserve evidence using methods that can support future legal or organizational proceedings. A clearly defined chain of custody is necessary to avoid allegations of tampering with evidence. To accomplish this task, the team should keep a log of every entity who had physical custody of the evidence, document all of the actions performed on the evidence with the related date and time, make a working copy of the evidence for analysis, verify the integrity of the original and working copy, and store the evidence in a secured location when not in use. Also, before touching a physical system, the investigator should take a photograph of it. To ensure the integrity of the process, a detailed log should be kept of all the collection steps and of information about every tool used in the incident response process.”
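The custody steps listed in Post 1 (log each custodian and action with date and time, record the tool used, make a working copy, verify the original against the copy), sketched as an added example that is not part of either post. The custodian name, file names and the hash-chained log format are assumptions made for illustration.

```python
import hashlib, json, shutil, tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def entry_digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class CustodyLog:
    """Append-only log; each entry embeds the previous entry's hash, so an
    edited or deleted entry breaks the chain (assumed format, not a standard)."""
    def __init__(self):
        self.entries = []

    def record(self, custodian, action, tool, evidence_sha256):
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        body = {"time_utc": datetime.now(timezone.utc).isoformat(),
                "custodian": custodian, "action": action, "tool": tool,
                "evidence_sha256": evidence_sha256, "prev_hash": prev}
        body["entry_hash"] = entry_digest(body)  # digest taken before this key exists
        self.entries.append(body)

    def verify(self):
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if e["prev_hash"] != prev or entry_digest(body) != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True

def acquire_working_copy(original, workdir, custodian, log):
    """Hash the original, copy it, and confirm the copy matches before analysis."""
    original_hash = sha256_file(original)
    log.record(custodian, "hashed original", "hashlib.sha256", original_hash)
    copy = Path(workdir) / (Path(original).name + ".working")
    shutil.copy2(original, copy)
    if sha256_file(copy) != original_hash:
        raise ValueError("working copy does not match original")
    log.record(custodian, "created and verified working copy", "shutil.copy2", original_hash)
    return copy, original_hash

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        src = Path(d) / "evidence.bin"
        src.write_bytes(b"constructed sample evidence")  # constructed input
        log = CustodyLog(); print(acquire_working_copy(src, d, "analyst-1", log), log.verify())
```

Analysis is done only on the `.working` file; re-running `sha256_file` on the original at any later point and comparing it with the logged value shows whether the original has changed since acquisition.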

—————————————————————————————–

Post 2. Disagree or agree, 200 words:

“First, a core set of individuals will manage the incident response process, maintain relevant repository information, document all incident-related data, provide briefings to anyone interested in the process (including senior management), and interact with other incident response teams. Second, a more dynamically allocated set of subject matter experts will be brought into the incident response activity when an attack is targeting systems they understand best (Armorso).

The main or essential components of an initial response team are the following:

  • Incident trigger - Some warning or event must trigger the incident response process to be initiated.
  • Expert gathering - Involves a gathering together of the appropriate experts to analyze the situation and make recommendations.
  • Incident analysis - Analysis of the incident is the primary task for the experts gathered during incident response.
  • Response activities - The output of any incident response process will be a set of management recommendations on how to deal with the incident.

The incident response teams will vary depending on the company or severity of the incident. However, most companies use these general components as a resource for their employees and citizens.”
