Intrusion Detection and Response

Question

Hi All –

I have a question which I would like your input on: what are some of the ways that organizations' forensics teams use to correspond with their computer incident response teams if they notice collusion between an insider and an external attacker?

Thanks for your input.

Mustafa

2 Responses to Question

  • For an organization to have a forensics team, it must be a large enterprise. Collusion is a serious crime. Most likely the company will want to press charges, so that employee would serve time in prison. And since this might be the end goal, an attorney who is part of the Incident Response team would need to be engaged. Most likely, the attorney may call in the FBI, and at that point all communication would follow legal protocols.
    If the question is what happens before the attorney is called, a good Forensic Analyst would probably request assistance from the Incident Manager directly. Something like – “Hey, you have a moment? I want to run something by you.” And that would start the process of outside / legal validation of collusion.

    -Deval

  • Helpful writing. I loved the details – Does someone know where my company could possibly obtain a template NJ IRP-7 version to work with?
