...
Upon declaration of an incident, escalation to incident response team members with scheduled availability will be initiated. Every effort must be made to ensure all team members can demonstrate proficiency in each role. The figure below depicts the IRT organizational relationship during an incident, denoting process, and information flow along with management hierarchy.
...
\ Incident Response Team (IRT) Structure
Depending on the incident, the relevant roles will be assigned according to skill requirement and availability of Triage Analysts and Incident Handlers. As the incident response team checks in, roles will be assigned according to procedure outlined in the Incident Response Team Escalation Procedure. The Information Security Management team will ensure the incident response plan and procedures are maintained and followed. For every incident there must be assigned an Incident Commander. In addition, depending on the type of incident and escalation, the senior leadership from Armor and your organization may be activated, to provide support for maintaining the staffing capacity to effectively and guidance for handling incident response scenarios, and to evangelize and support the incident response plan. Armor requests at least one member of senior leadership should be available for making hard decisions during incident response should the need arise. All aspects of the incident are documented by scribe and custody of all evidence are captured and retained as per Armor policies and procedures.
...
Armor Incident Response Process
...
\ Incident Response Process
- ### Detection and Identification
...