10.2.2. Legal Considerations

Some important aspects of an incident response to consider include legal ramifications. Security plans should be developed with members of legal staff or some form of general counsel. Just as every company should have their own corporate security policy, every company should have its own way of handling incidents from a legal perspective. Local, state, and federal regulatory issues are beyond the scope of this document, but are mentioned because the methodology for performing a post-mortem analysis, at least in part, is dictated by (or in conjunction with) legal counsel. General counsel can alert technical staff of the legal ramifications of security breaches; the hazards of leaking a client's personal, medical, or financial records; and the importance of restoring service in mission-critical environments such as hospitals and banks.