Question

As the name of the role tells, Incident Responder is someone who gets into action and responds when some incident has happened. What does he do when no incidents happen?

Answer 1

An Incident Responder takes action when a Security incident happens. He/she will have to solve the problem, find the cause of the problem and restore the security measure. Though these are the jobs he/she does when an incident occurs, there are few other tasks of an Incident Responder:

• Actively monitoring systems and networks for intrusions
• Identifying security flaws and vulnerabilities in the organization
• Performing security audits, risk analysis, network forensics and penetration testing
• Performing malware analysis and reverse engineering
• Establish protocols for communication within an organization
• Dealing with law enforcement during security incidents