June 20th, 2003, 05:38 PM
incident response procedure
Hey, I'm just wondering if any of you guys have an incident procedure created, on what you do when you're attacked by a worm/virus/person (from a business standpoint). I'm currently trying to make one for my workplace; any help would be greatly appreciated!
June 20th, 2003, 05:51 PM
Although I do not have a set of procedures laid out that I can currently share, I am about to start the SANS Incident handling training and have been doing a little bit of reading.
Oreilly has a decent book on it:
Incident Response: A Strategic Guide to Handling System and Network Security Breaches
And quite a few papers can be found on the SANS/GIAC websites. Check their reading room (SANS site) and the papers written by GCIH candidates (GIAC site).
If I come across anything in my reading I'll post it here for you.
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X
June 20th, 2003, 05:53 PM
While intended more for home users than a corporate incident response, I would refer you to my tutorial Help! I Think I've Been Hacked!!
I would also recommend the book Incident Response by Douglas Schweitzer.
June 20th, 2003, 06:04 PM
Haha... I was actually looking for something else on Google, and I found this paper... it has a fairly large section on incident procedures and recovery.
Outside of a dog, a book is man's best friend. Inside of a dog it's too dark to read.
June 20th, 2003, 06:07 PM
heh, thanks guys, I'll look into it a little more.
June 20th, 2003, 06:22 PM
I have been reading Scene of the Cybercrime: Computer Forensics Handbook by Debra Littlejohn Shinder. It goes into more than just procedures, but an overview of what is and isn't allowed as evidence. I haven't finished it yet, but so far it's been a good read.
June 20th, 2003, 07:08 PM
I have been on an incident response / forensics kick. I may take the SANS GIAC certification exam for incident handling (GCIH).
I am currently reading Incident Response by Douglas Schweitzer that I mentioned above. In line in my mountain of books to read (I currently have 44 unread books sitting in various piles in and around my desk, just on information security, never mind fiction or even other non-fiction topics) I also have A Guide to Forensic Testimony by Fred Smith and Rebecca Bace and Computer Forensics by Warren Kruse and Jay Heiser.
It is an interesting topic to me and a decent niche to be a guru in my opinion.
<EDIT> Make that 45 books. I forgot to count the Draft Manuscript of some cryptography book coming out in a few months that I had placed into its own pile :-) </EDIT>