Which one of the following is NOT a factor to consider when establishing a core incident response
team?
A.
Technical knowledge
B.
Communication skills
C.
The recovery capability
D.
Understanding business policy
Explanation:
The team should have someone from senior management, the network
administrator, security officer, possibly a network engineer and /or programmer, and liaison for
public affairs…The incident response team should have the following basic items
List of outside agencies and resources to contact or report to
List of computer or forensics experts to contactSteps on how to secure and preserve evidence
Steps on how to search for evidence
List of items that should be included on the report
A list that indicates how the different systems should be treated in this type of situation (removed
from internet, removed from the network, and powered down) – Shon Harris All-in-one CISSP
Certification Guide pg 671-672
an investigation should involve management, corporate security, human resources, the legal
department, and other appropriate staff members. The act of investigating may also affect critical
operations…Thus it is important to prepare a plan beforehand on how to handle reports of
suspected computer crimes. A committee of appropriate personnel should be set up beforehand
to address the following issues
Establishing a prior liaison with law enforcement
Deciding when and whether to bring in law enforcement…
Setting up means of reporting computer crimes
Establishing procedures for handling and processing reports of computer crime
Planning for and conducting investigations
Involving senior management and the appropriate departments, such as legal, internal audit,
information systems, and human resources
Ensuring the proper collection of evidence, which includes identification and protection of the
various storage media. -Ronald Krutz The CISSP PREP Guide (gold edition) pg 435-436