incident response procedure

Printable View

June 20th, 2003, 05:38 PM
youdadude

incident response procedure

Hey, I'm just wondering if any of you guys have a incident procedure created, on what you do when your attacked by a worm/virus/person (from a business standpoint) I'm currently trying to make one for my workplace, any help would be greatly appreciated!
June 20th, 2003, 05:51 PM
Juridian

Although I do not have a set of procedures laid out that I can currently share, I am about to start the SANS Incident handling training and have been doing a little bit of reading.

Oreilly has a decent book on it:
Incident Response: A Strategic Guide to Handling System and Network Security Breaches

And quite a few papers can be found on the SANS/GIAC websites. Check their reading room (SANS site) and the papers written by GCIH candidates (GIAC site).

If I come across anything in my reading I'll post it here for you.
June 20th, 2003, 05:53 PM
tonybradley

While intended more for home users than a corporate incident response, I would refer you to my tutorial Help! I Think I've Been Hacked!!

I would also recommend the book Incident Response by Douglas Schweitzer.
June 20th, 2003, 06:04 PM
debwalin

Haha...I was actually looking for something else on Google, and I found this paper....it has a fairly large section on incident procedure's and recovery.

read here
June 20th, 2003, 06:07 PM
youdadude

heh, thanks guys, I'll look into it a little more.
June 20th, 2003, 06:22 PM
sgtrush

I have been reading Scene of the cybercrime, computer forensics handbook by debra littlejohn schinder. It goes into more than just procedures, but an overview of what is and isn't allowed as evidence. I haven't finished it yet, but so far its been a good read.
June 20th, 2003, 07:08 PM
tonybradley

I have been on an incident response / forensics kick. I may take the SANS GIAC certification exam for incident handling (GCIH).

I am currently reading Incident Response by Douglas Schweitzer that I mentioned above. In line in my mountain of books to read (I currently have 44 unread books sitting in various piles in and around my desk- just on information security, nevermind fiction or even other non-fiction topics) I also have A Guide To Forensic Testimony by Fred Smith and Rebecca Bace and Computer Forensics by Warren Kruse and Jay Heiser.

It is an interesting topic to me and a decent niche to be a guru in my opinion.

<EDIT> Make that 45 books. I forgot to count the Draft Manuscript of some cryptography book coming out in a few months that I had placed into its own pile :-) </EDIT>