There is no easy answer when it comes to responding to a breach. Successful organizations must understand breach response is a critical part of an incident response plan. The key to a successful incident response plan includes having executive support for cybersecurity and incident response within an organization that is independent of traditional management structure. Incident response plans should include basic components that allow investigators to quickly gather, analyze, and understand data. Data management software such as log management, security analytics, and governance, risk management, and compliance (GRC) can greatly assist incident teams responding to a breach. Lastly, an organization must instruct its public relation teams on the best methods to communicate to both internal and external parties about a breach while also informing shareholders and meeting all legal requirements.
As a network and digital forensics specialist, you likely will be involved in this process. You may be involved in only a small portion or a subset of a response process. Your role may be more technical or more managerial, but it is important to understand the full process that organizations go through in responding to a breach to be fully prepared for your own specific function.
This chapter should have given you an understanding from a management point of view how an incident response process is built. Your primary job as a network engineer is using your technical skills to provide support throughout this process. In the next chapter, we look at the details required to accomplish incident response and forensic tasks.