During a security incident, an organization's SOC team identifies a series of unauthorized access attempts from an external IP address. The incident manager needs to escalate this to the appropriate team. According to the incident response plan, which role is primarily responsible for coordinating the response and communicating with stakeholders?
- A: Forensic investigator. Why wrong: Forensic investigators focus on evidence collection, not overall coordination.
- B: Communications lead. Why wrong: The communications lead handles external messaging but does not coordinate the entire response.
- C: SOC Tier 1 analyst. Why wrong: Tier 1 analysts triage alerts but do not coordinate the overall response.
- D: Incident manager. Correct: The incident manager oversees the response and communication.