The Incident Response Coordinator or Manager has the overall responsibility for the incident response process; part of that role includes communication with external parties, such as law enforcement and other agencies. The Coordinator or Manager ensures the right information is communicated to the right stakeholders while managing the incident response from end to end.

Security Analyst is typically responsible for analyzing the incident, identifying the cause, and suggesting containment measures. Lead Investigator primarily focuses on investigating the breach, leading to identifying the vector and potentially the perpetrators. Forensic Specialist handles evidence collection and analysis, which may then be used by law enforcement, not coordinate with them. Legal Counsel may work with law enforcement, but primarily from a legal compliance and advisory standpoint, rather than leading the incident response effort.