ISC Exam Questions

Which one of the following is NOT a factor to consider when establishing a core incident response team?

A. Technical knowledge

B. Communication skills

C. The recovery capability

D. Understanding business policy

Explanation:
The team should have someone from senior management, the network administrator, security officer, possibly a network engineer and/or programmer, and liaison for public affairs… The incident response team should have the following basic items:
- List of outside agencies and resources to contact or report to
- List of computer or forensics experts to contact
- Steps on how to secure and preserve evidence
- Steps on how to search for evidence
- List of items that should be included on the report
- A list that indicates how the different systems should be treated in this type of situation (removed from internet, removed from the network, and powered down)
– Shon Harris, All-in-one CISSP Certification Guide, pg 671-672

An investigation should involve management, corporate security, human resources, the legal department, and other appropriate staff members. The act of investigating may also affect critical operations… Thus it is important to prepare a plan beforehand on how to handle reports of suspected computer crimes. A committee of appropriate personnel should be set up beforehand to address the following issues:
- Establishing a prior liaison with law enforcement
- Deciding when and whether to bring in law enforcement…
- Setting up means of reporting computer crimes
- Establishing procedures for handling and processing reports of computer crime
- Planning for and conducting investigations
- Involving senior management and the appropriate departments, such as legal, internal audit, information systems, and human resources
- Ensuring the proper collection of evidence, which includes identification and protection of the various storage media.
- Ronald Krutz, The CISSP PREP Guide (gold edition), pg 435-436