Amina Zilic
The end goal of this step is to ensure that internal training & awareness programs take place within your organization since your employees may be involved in the process of handling security incidents.
Incident response training
Training will also ensure that your employees are ready to take on roles related to the handling and preservation of evidence. Learn how to create proactive training sessions for your staff so that all those involved understand their role in the digital evidence process and the legal sensitivities of evidence.
According to IJDE, the following groups will require more specialized awareness training:
-
The investigating team
-
Corporate HR department
-
Corporate PR department (to manage any public information about the incident)
-
Owners of business processes or data
-
Line management
-
Corporate security
-
System administrators
-
IT management
-
Legal advisers
-
Senior Management (potentially up to board level)
If an incident occurs, a multi-disciplinary team will be gathered from the above-listed groups. Therefore, it is more than beneficial to keep employees educated and aware on incident response management and digital evidence handling.
Due to the sensitivity of the event and tasks themselves, it is good to have an incident response plan with listed tasks and responsibilities for each employee. This will require extensive support and training to understand the decision points, to make the right decisions, and to avoid tainting evidence or prejudicing a case. Role-play training is ideally suited to this scenario.
Therefore, as a wide range of employees may be a part of the incident response handling it is essential to ensure appropriate training to prepare staff for the various roles they may play before, during, and after an incident. It is also necessary to ensure that staff is competent to perform any roles related to the handling and preservation of evidence.
In the next step, we will learn more about incident response documents and reporting. Go to the blog to learn about the previous steps to forensic readiness.