incident response team

Contributor(s): Sarah Lewis

An incident response team is a group of IT professionals responsible for preparing for, and reacting to, security incidents and other organizational emergencies. Responsibilities of an incident response team include developing and maintaining an incident response plan, testing for and resolving system vulnerabilities, upholding security best practices across the organization and supporting every stage of incident handling, from detection and containment through recovery and post-incident review. Incident response team members typically bring a mix of technical skills, backgrounds and roles so that the team is prepared for a wide range of unforeseen security incidents.

Types of incidents

In incident response, emergencies are usually grouped into two categories:

  1. Public incidents. These incidents affect an entire community. Examples include natural disasters, terrorist attacks and widespread epidemics.
  2. Corporate/organizational incidents. These incidents are specific to one organization and happen on a smaller scale. Examples include data breaches, cyberattacks and threats to physical locations.

Incident response teams are trained to be prepared for both types.

Examples of incident response teams

Incident response teams are common in government organizations and businesses with valuable intellectual property. A few examples of the forms an incident response team could take are:


Computer Security Incident Response Team (CSIRT). This is a team of professionals responsible for preventing and responding to security incidents. A CSIRT may also handle aspects of incident response in other departments such as dealing with legal issues or communicating with the press.


Computer Emergency Response Team (CERT). This is a team of professionals in charge of handling cyber threats and vulnerabilities within an organization. CERTs also tend to publish their findings, such as vulnerability advisories and threat reports, so that other organizations can strengthen their own security infrastructure.

Security Operations Center (SOC). This is a command center facility dedicated to monitoring, analyzing and protecting an organization against cyberattacks. A SOC is typically staffed by analysts and threat hunters who focus specifically on security monitoring, detection and incident response, rather than on general IT emergencies.

This was last updated in June 2019
