Most important in your IR team is the company's legal representation and the PR unit of the company too. Some states, California comes to mind, now have a law that states that you _must_ inform the potentially damaged "customers". The last thing you want is your overzealous employee, (read geek), emailing them all himself.... It needs to be crafted by the legal beagles and the party planners, (PR)....

The other people are pretty obvious but these two are often overlooked. The protocols should also be worked out ahead of time. For example, the CEO should _not_ be part of the IR team but _must_ be in the line of communication, (they need to know all that goes on but do not need input). It needs to be made quite clear that the senior IT/Information Security person, (depending on the setup of your organization), needs to control the IT based actions and that no suspect computers should be touched without the prior permission from him/her.... It's too easy for someone to be "helpful" and mess up the whole investigation which can be the difference between a sucessful prosecution and the authorities laughing and telling you to come back next time.......