StakeholdersVarious departments in the organization are stakeholders in the incident response process. Each has a different perspective to the process, and each has certain roles to play in the creation of the incident response team and the creation of the formal response documents.HRThe role of the HR department involves the following responsibilities in response: Develop job descriptions for those persons who will be hired for positions involved in incident response. Create policies and procedures that support the removal of employees found to be engaging in improper or illegal activity. For example, HR should ensure that these activities are spelled out in policies and new hire documents as activities that are punishable by firing. This can help avoid employment disputes when the firing occurs.LegalThe role of the legal department is to do the following: Review nondisclosure agreements to ensure support for incident response efforts. Develop wording of documents used to contact possibly affected sites and organizations. Assess site liability for illegal computer activity.MarketingMarketing can be involved in the following activities in support of the incident response plan: Create newsletters and other educational materials to be used in employee response training. In coordination with the legal department, handle advanced preparation of media responses and internal communications regarding incidents.ManagementThe most important factor in the success of an incident response plan is the support, both verbal and financial (through the budget process), of upper management. Moreover, all other levels of management should fall in line with support of all efforts. Specifically, management’s role involves the following: Communicate the importance of the incident response plan to all parts of the organization. Create agreements that detail the authority of the incident response team to take over business systems if necessary. Create decision systems for determining when key systems must be removed from the network.