Updated on 2025-05-22 GMT+08:00

SEC10-01 Establishing a Security Response Team

Establish a security incident response team and specify roles and responsibilities.

  • Risk level

    High

  • Key strategies

    The security incident response team generally includes the following roles and responsibilities:

    • Security response experts lead the investigation of network security incidents, rate and report the incidents, trace attack sources, determine the impact scope, develop emergency handling measures, and drive service teams to control the risks.
    • Attack source tracing experts trace the attack source based on the attack IoC information and deliver the attacker information, the entire attack scope, an attack source tracing diagram (attack path), and an attack source tracing report.
    • Senior analysis experts analyze and reproduce vulnerabilities, perform reverse analysis on malicious samples, and produce virus scanning scripts.
    • Service security response experts assist security response personnel in investigating and analyzing incidents, perform log forensics, and provide the service architecture, network architecture, and service logs to help analyze attack sources and impact scopes. They also implement emergency response measures and cover security products.