Information security incidents are complex events that can involve multiple departments, individuals and disciplines across geographically dispersed locations. Tackling computer-related attacks can be equally complex, requiring multiple individuals to collaborate in a secure environment away from the observation of attackers.
Identifying malicious activity will often require staff to access, review, collate and process evidence from multiple sources. They will need to collaborate securely with system administrators, legal advisors, and senior management. This presents coordination, tracking, monitoring, and evidence integrity issues. In addition, incidents are increasingly dynamic and fast-moving, and dealing with them correctly and in a timely manner relies upon the collection and preservation of digital evidence.
Without suitable planning, coordination, and management, effort can be wasted, evidence lost or compromised, and staff (especially executives and managers) can feel disconnected from the purpose of digital and cyber defence activity.