Security Incident Responder

Overview and Key Facts

What Do They Do?

A security incident responder could...

Overview

Listen to this section

Security incident responders, also called intrusion analysts or incident response engineers, are like the "firefighters" of the cyber world. Companies can take steps to safeguard their computer networks and systems, but sometimes prevention is not enough and cyber attacks still happen. Sensitive data like customer credit card information can be stolen, entire websites could be brought down or altered, or personal contact information can be leaked. When this happens, incident responders must act quickly to find the source of the attack and shut it down. They will also analyze how the attack happened, determine the scope of the damage, and how to prevent it from happening again.

Do You Have the Skills and Characteristics of a Security Incident Responder?

1. Reading Comprehension: ? Understanding written sentences and paragraphs in work related documents.
2. Critical Thinking: ? Using logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions or approaches to problems.
3. Active Listening: ? Giving full attention to what other people are saying, taking time to understand the points being made, asking questions as appropriate, and not interrupting at inappropriate times.
4. Complex Problem Solving: ? Identifying complex problems and reviewing related information to develop and evaluate options and implement solutions.
5. Speaking: ? Talking to others to convey information effectively.

6. Writing: ? Communicating effectively in writing as appropriate for the needs of the audience.
7. Judgment and Decision Making: ? Considering the relative costs and benefits of potential actions to choose the most appropriate one.
8. Systems Analysis: ? Determining how a system should work and how changes in conditions, operations, and the environment will affect outcomes.
9. Monitoring: ? Monitoring/Assessing performance of yourself, other individuals, or organizations to make improvements or take corrective action.
10. Active Learning: ? Understanding the implications of new information for both current and future problem-solving and decision-making.

Core Tasks

Think about if you'd like the typical tasks a Security Incident Responder might do:

• Actively monitor computer systems for suspicious activity
• Evaluate current risks and vulnerabilities of computer systems
• Work closely with other cyber security professionals like penetration testers or forensic analysts
• Develop an emergency response plan that can be followed in the event of a cyber attack
• Train other non-technical personnel and management on how to follow the emergency response plan
• Respond in real-time in the event of a cyber attack to shut it down and prevent further damage
• Report to management and law enforcement in the aftermath of a cyber attack