Complete and correct collection of digital evidence, ability to identify indicators of compromise, readiness to quickly stop the incident and manage the network during the response to the threat
Process
Gathering information; checking the competence of IT and information security staff; checking the completeness, relevance and practicality of regulations and documentation; checking the distribution of responsibilities and the organizational structure of the team
Result
Recommendations on setting up systems for effective response, optimization of structure and processes, a response plan, standing orders, a trained team