incident response procedure
Results 1 to 7 of 7

Thread: incident response procedure

  1. #1
    Banned
    Join Date
    Oct 2002
    Posts
    9

    incident response procedure

    Hey, I'm just wondering if any of you guys have a incident procedure created, on what you do when your attacked by a worm/virus/person (from a business standpoint) I'm currently trying to make one for my workplace, any help would be greatly appreciated!

  2. #2
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    Although I do not have a set of procedures laid out that I can currently share, I am about to start the SANS Incident handling training and have been doing a little bit of reading.

    Oreilly has a decent book on it:
    Incident Response: A Strategic Guide to Handling System and Network Security Breaches

    And quite a few papers can be found on the SANS/GIAC websites. Check their reading room (SANS site) and the papers written by GCIH candidates (GIAC site).

    If I come across anything in my reading I'll post it here for you.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  3. #3
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830
    While intended more for home users than a corporate incident response, I would refer you to my tutorial Help! I Think I've Been Hacked!!

    I would also recommend the book Incident Response by Douglas Schweitzer.

  4. #4
    AO Soccer Mom debwalin's Avatar
    Join Date
    Mar 2002
    Posts
    2,185
    Haha...I was actually looking for something else on Google, and I found this paper....it has a fairly large section on incident procedure's and recovery.

    read here
    Outside of a dog, a book is man's best friend. Inside of a dog it's too dark to read.

  5. #5
    Banned
    Join Date
    Oct 2002
    Posts
    9
    heh, thanks guys, I'll look into it a little more.

  6. #6
    Junior Member
    Join Date
    Apr 2003
    Posts
    18
    I have been reading Scene of the cybercrime, computer forensics handbook by debra littlejohn schinder. It goes into more than just procedures, but an overview of what is and isn't allowed as evidence. I haven't finished it yet, but so far its been a good read.

  7. #7
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830

    Cool

    I have been on an incident response / forensics kick. I may take the SANS GIAC certification exam for incident handling (GCIH).

    I am currently reading Incident Response by Douglas Schweitzer that I mentioned above. In line in my mountain of books to read (I currently have 44 unread books sitting in various piles in and around my desk- just on information security, nevermind fiction or even other non-fiction topics) I also have A Guide To Forensic Testimony by Fred Smith and Rebecca Bace and Computer Forensics by Warren Kruse and Jay Heiser.

    It is an interesting topic to me and a decent niche to be a guru in my opinion.

    <EDIT> Make that 45 books. I forgot to count the Draft Manuscript of some cryptography book coming out in a few months that I had placed into its own pile :-) </EDIT>


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •