Checklist: Skillset required for an Incident Management Person

Technical Skills:

Major Areas Of Focus:

  • Incident Response
  • Computer Forensics
  • Network Security
  • Secure Architecture


Conceptual (Understand How-It-Works):

  • Fundamental security concepts - CIA Triad (Confidentiality, Integrity, Availability), Authentication vs Authorization vs Access Control, Non-Repudiation etc.
  • Working principles & protocols of the Internet - TCP/IP, IPv4, IPv6 etc.
  • Security domains - MDM, IDS/IPS, Database, DLP etc.
  • Transport and messaging protocols - SMTP, MIME etc.
  • Social engineering tactics
  • **Network security (Protocols, Configurations, Infrastructure, Vulnerabilities) - MIM (man-in-the-middle), Spoofing, Firewalls, Routers, Public Data Networks etc.
  • **Coding practices - Secure coding, Malicious code, Buffer Overflows, Cross-site Scripting etc.
  • **Coding languages - C, Java, Perl, Shell, Awk etc.
  • **Encryption (Processes & Algorithms) - Digital Signatures & Certificates, Hash Algorithms & Encrypted Hashes, AES, DH Key Exchange, PGP, DES & Triple DES, Blowfish, Twofish, Serpent

** - Expert-level understanding and hands-on experience are preferred in these areas; however, the basics must be tested first.

Expertise & Hands-On:

  • Internet protocols - DNS, TLS, IPsec, HTTP, TCP, UDP etc.
  • OS - Windows, UNIX/Linux etc.
  • File systems - ZFS, NTFS, FAT etc.
  • Encryption - PGP, symmetric/asymmetric, ECB/CBC modes of operation, AES etc.
  • DLP - network vs endpoint DLP, Vontu, Websense, Verdasys etc.
  • eDiscovery & digital forensics concepts/technologies - EnCase, FTK etc.
  • Threat or risk modelling - STRIDE, DREAD, FAIR etc.
  • Pentesting fundamentals
  • Platform expertise - Windows, Linux, Solaris, AIX, OS/400, Apple, Databases, Routers/Firewalls

Computer Forensics:

  • Process - Data Extraction, Data Imaging, Data Preservation & Data Handling
    - Methodology for making a forensically sound copy of storage devices so that it can be used as evidence
    - Tools like FTK (AccessData)
  • Popular tools - FTK, AccessData, CAINE, EnCase etc.
  • Techniques - Cross-Drive Analysis (CDA), File Carving, Live Analysis, Steganalysis or Steganography Tools, Volatile Data Analysis


Additional Certifications

  • EnCE (EnCase Certified Examiner)
  • CCE (Certified Computer Examiner)
  • GCFE (GIAC Certified Forensic Examiner)
  • GCFA (GIAC Certified Forensic Analyst)
  • GREM (GIAC Reverse Engineering Malware)
  • GCIA (GIAC Certified Intrusion Analyst)
  • GCIH (GIAC Certified Incident Handler)
  • CHFI (Computer Hacking Forensic Investigator)
  • QSA (PCI Qualified Security Assessor)
  • ACE (AccessData Certified Examiner)
  • CISM (Certified Information Security Manager)

Personal Skills:

  1. Good Management abilities
  2. Stress Handling Capability
  3. Impromptu action taker
  4. Good Reasoning abilities
  5. Process defining abilities
  6. Good Communication skills
  7. Team worker


1. Test scenarios. Hand test scenarios to the recruit; the process of resolving the problem will demonstrate logical thinking, spontaneity, knowledge and forensic basics. This can also be run as an exercise for idle teams.

2. Learner. Since information security changes every day, the person should be open to learning and eager to demonstrate what they have learned. The educational material produced can also be useful for members outside the CIRT.

3. Think of hiring a hacker. Big companies hire hackers full-time to test their own systems; this enables faster resolution of the most easily exploitable weak points, and, moreover, the hacker thinks like a hacker.

4. Domain experts in certain fields can be a good choice, e.g. applications, network, mail and database.

5. Consider outsourcing this effort to a consultancy. This lowers costs, as you do not need a team waiting for incidents to take place and instead engage help only when affected. However, this must be preceded by reference checks and study.

6. A legal advisor can be of great help in assisting with information gathering, recommendations and remediation when an incident or breach takes place.
