SEC10-01 Establishing a Security Response Team
Updated on 2025-05-22 GMT+08:00
Establish a security incident response team and specify roles and responsibilities.
- Risk level
High
- Key strategies
The security incident response team generally includes the following roles and responsibilities:
- Security response experts lead the investigation of network security incidents, rate and report the incidents, trace attack sources, determine the impact scope, develop emergency handling measures, and push service teams to control risks.
- Attack source tracing experts trace the attack source based on attack IOC information. Their output includes the attacker information, the entire attack scope, an attack source tracing diagram (attack path), and an attack source tracing report.
- Senior analysis experts analyze and reproduce vulnerabilities, perform reverse analysis on malicious samples, and produce virus scanning scripts.
- Service security response experts assist security response personnel in investigating and analyzing incidents, perform log forensics, and provide the service architecture, network architecture, and service logs needed to analyze attack sources and impact scopes. They also implement emergency response measures and cover security products.