This is a major problem for incident response and digital forensics.  Organizational leaders assume they can start a major response in house and outsource it when things get to complex or deep.  The major issue with this assumption is that any evidence will never be destroyed, deleted or manipulated by their in house staff.  In essence, this is comparable to having your friend start open heart surgery and call in a surgeon when things start to go bad.  Sometimes, actions cause irreparable damage to your response and evidence.  Even if a professional forensics investigator can recover from the problems created by untrained/unskilled responders, it will cost the organization a considerable amount of money in the form of billable hours by a skilled responder.    

These standards bodies require timely and consistent responses to security incidents.  Consistent is the key term.  Policies, procedures, tools and knowledge should be in place to provide the response.  The vast majority of people assume digital forensics is a technical field that any geek can handle.  This assumption is a major mistake.  Pulling your resident tech geek without proper training or certification in evidentiary and legal procedures can put your response in a bad position.  The other big hurdle your organization may face is the ability for their work to hold up in a court of a law. 

These are common words in most circles.  Many security responses start off with simple assumptions.  As things escalate, it can become clear that the situation will end up in court, which can be for various reasons.  If you've utilized an untrained and uncertified responder, your chances of defending your legal argument can be placed in jeopardy.  

As always, if you ever need advice or help with a digital forensics response, please feel free to contact us.  We're here to help you with your difficult situations.