Team lead
Definition
The person who owns the incident response process during an active incident. The team lead coordinates analyst tasks, manages escalation to leadership, makes containment decisions, and ensures the post-incident review is completed. This is a command and coordination role, not primarily a technical one.
Related terms
- CSIRT: Computer Security Incident Response Team. The organisational unit responsible for preparing for, detecting, coordinating, and resolving security incidents. Sometimes called CERT (Computer...
- FIRST: Forum of Incident Response and Security Teams. A global membership organisation that sets standards for CSIRT capability and facilitates trusted information sharing...
- Legal liaison: The CSIRT role responsible for advising on legal obligations during an incident: evidence preservation requirements, breach notification deadlines, law enforcement engagement, and...
- National CERT: A government-operated or government-designated team responsible for coordinating cyber incident information at the national level. Examples include CERT-In (India), CISA (US), NCSC...
- Retainer agreement: A contract between an organisation and an external IR firm that guarantees a defined response time and service scope in exchange for...
Explained in
- Building a Computer Security Incident Response Team